Name | Data Type | Qualifiers |
Name | Data Type | Value | Scope | Flavors |
AltSubject | string |
Description | string | Alternate subject identifier for the Certificate. | None | TRANSLATABLE= true |
MaxLen | uint32 | 256 | None | None |
Caption | string |
Description | string | The Caption property is a short textual description (one- line string) of the object. | None | TRANSLATABLE= true |
MaxLen | uint32 | 64 | None | None |
Description | string |
Description | string | The Description property provides a textual description of the object. | None | TRANSLATABLE= true |
ElementName | string |
Description | string | A user-friendly name for the object. This property allows each instance to define a user-friendly name in addition to its key properties, identity data, and description information.
Note that the Name property of ManagedSystemElement is also defined as a user-friendly name. But, it is often subclassed to be a Key. It is not reasonable that the same property can convey both identity and a user-friendly name, without inconsistencies. Where Name exists and is not a Key (such as for instances of LogicalDevice), the same information can be present in both the Name and ElementName properties. | None | TRANSLATABLE= true |
EncodedCertificate | uint8 |
Description | string | The full content of the certificate in binary form. | None | TRANSLATABLE= true |
OctetString | boolean | true | None | OVERRIDABLE= false
|
Expires | datetime |
Description | string | The date and time when the credential expires (and is not appropriate for use for authentication/ authorization). If this information is not applicable, Use a value of '99991231235959.999999+999', (1 microsecond before midnight, December 31, 9999 CE, at coordinated universal time + 999 minutes).
On CreateInstance, if this property is unspecified, or set to NULL, then a value of '99991231235959.999999+999' is assumed. Note that this property does not define how the expiration is set - but that there IS an expiration. The property may be set to either a specific date/time or an interval (calculated from the Issued datetime). For example, for Certificate Authority-signed public key, the expiration is determined by the CA. Another example is a voice mail password that expires 60 days after it is set/issued. | None | TRANSLATABLE= true |
ExtendedKeyUsage | string |
Description | string | This extension indicates one or more purposes for which the certified public key may be used, in addition to or in place of the basic purposes indicated in the key usage extension. | None | TRANSLATABLE= true |
Generation | uint64 |
Description | string | Generation is an optional, monotonically increasing property that may be used to identify a particular generation of the resource represented by this class.
If Generation is supported by the implementation, its value shall not be null.
Except as otherwise specified, a value (including null) of Generation specified at creation time shall be replaced by null if Generation is not supported by the implementation or shall be a, (possibly different), non-null value if the implementation does support Generation.
After creation and if supported, Generation shall be updated, at least once per access, whenever the represented resource is modified, regardless of the source of the modification.
Note: the Generation value only needs to be updated once between references, even if the resource is updated many times. The key point is to assure that it will be different if there have been updates, not to count each update.
Note: unless otherwise specified, the value of Generation within one instance is not required to be coordinated with the value of Generation in any other instance.
Note:the semantics of the instance, (as defined by its creation class), define the underlying resource. That underlying resource may be a collection or aggregation of resources. And, in that case, the semantics of the instance further define when updates to constituent resources also require updates to the Generation of the collective resource. Default behavior of composite aggregations should be to update the Generation of the composite whenever the Generation of a component is updated.
Subclasses may define additional requirements for updates on some or all of related instances.
For a particular instance, the value of Generation may wrap through zero, but the elapsed time between wraps shall be greater than 10's of years.
This class does not require Generation to be unique across instances of other classes nor across instances of the same class that have different keys. Generation shall be different across power cycles, resets, or reboots if any of those actions results in an update. Generation may be different across power cycles, resets, or reboots if those actions do not result in an update. If the Generation property of an instance is non-null, and if any attempt to update the instance includes the Generation property, then if it doesn't match the current value, the update shall fail.
The usage of this property is intended to be further specified by applicable management profiles.
Typically, a client will read the value of this property and then supply that value as input to an operation that modifies the instance in some means. This may be via an explicit parameter in an extrinsic method or via an embedded value in an extrinsic method or intrinsic operation.
For example: a profile may require that an intrinsic instance modification supply the Generation property and that it must match for the modification to succeed. | None | TRANSLATABLE= true |
Experimental | boolean | true | TOSUBCLASS= false | None |
InstanceID | string |
Description | string | Within the scope of the instantiating Namespace, InstanceID opaquely and uniquely identifies an instance of this class. In order to ensure uniqueness within the NameSpace, the value of InstanceID SHOULD be constructed using the following 'preferred' algorithm:
<OrgID>:<LocalID>
Where <OrgID> and <LocalID> are separated by a colon ':', and where <OrgID> MUST include a copyrighted, trademarked or otherwise unique name that is owned by the business entity creating/defining the InstanceID, or is a registered ID that is assigned to the business entity by a recognized global authority. (This is similar to the <Schema Name>_<Class Name> structure of Schema class names.) In addition, to ensure uniqueness, <OrgID> MUST NOT contain a colon (':'). When using this algorithm, the first colon to appear in InstanceID MUST appear between <OrgID> and <LocalID>.
<LocalID> is chosen by the organizational entity and SHOULD not be re-used to identify different underlying (real-world) elements. If the above 'preferred' algorithm is not used, the defining entity MUST assure that the resultant InstanceID is not re-used across any InstanceIDs produced by this or other providers for this instance's NameSpace.
For DMTF defined instances, the 'preferred' algorithm MUST be used with the <OrgID> set to 'CIM'. | None | TRANSLATABLE= true |
Key | boolean | true | None | OVERRIDABLE= false
|
Override | string | InstanceID | TOSUBCLASS= false | None |
Issued | datetime |
Description | string | The date and time when the credential was issued. Use a value of all '00000101000000.000000+000', (midnight, January 1, 1 BCE at coordinated universal time +0 minutes), if this information is not applicable. On CreateInstance, if this property is unspecified, or set to NULL, then current time is assumed. | None | TRANSLATABLE= true |
IssuerName | string |
Description | string | Issuer name who signed the credential. | None | TRANSLATABLE= true |
IssuerUID | uint8 |
Description | string | String that identifies the issuer of the certificate. | None | TRANSLATABLE= true |
OctetString | boolean | true | None | OVERRIDABLE= false
|
IsValid | uint16 |
Description | string | IsValid represents whether the certificate is currently valid. When the certificate is revoked or expired the IsValid shall be set to 3(InValid). | None | TRANSLATABLE= true |
ValueMap | string | 0, 2, 3, 4..32767, 32768..65535 | None | None |
Values | string | Unknown, Valid, Invalid, DMTF Reserved, Vendor Specified | None | TRANSLATABLE= true |
KeyUsage | uint16 |
Description | string | Key usage defines the purpose of the key. Key usage could include digital signing, key agreement, certificate signing, and more. The key usage is an extension to the X.509 specification. | None | TRANSLATABLE= true |
ValueMap | string | 0, 2, 3, 4, 5, 6, 7, 8..32767, 32768..65535 | None | None |
Values | string | Unknown, Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment, Key Agreement, Key Certificate Signature, DMTF Reserved, Vendor Specified | None | TRANSLATABLE= true |
MD5Fingerprint | uint8 |
Description | string | Digital signature algorithm that verifies data integrity by creating a 128-bit message digest or fingerprint. The fingerprint is unique to the input data and contains the binary hash of the encoded X509 object such as encoded certificate or CRL. | None | TRANSLATABLE= true |
OctetString | boolean | true | None | OVERRIDABLE= false
|
OtherSignatureAlgorithm | string |
Description | string | A string describing the signature algorithm when the SignatureAlgorithm property has the value 1, "Other". | None | TRANSLATABLE= true |
PathLengthConstraint | uint16 |
Description | string | An X.509 certificate may contain an optional extension that identifies whether the subject of the certificate is a certificate authority (CA). If the subject is a CA, this property defines the number of certificates that may follow this certificate in a certification chain. | None | TRANSLATABLE= true |
PublicKey | uint8 |
Description | string | The DER-encoded raw public key that belongs to the subject the certificate vouches for. | None | TRANSLATABLE= true |
OctetString | boolean | true | None | OVERRIDABLE= false
|
PublicKeyAlgorithm | uint16 |
Description | string | Public key algorithm. | None | TRANSLATABLE= true |
ValueMap | string | 0, 2, 3, 4..32767, 32768..65535 | None | None |
Values | string | Unknown, RSA, DSA, DMTF Reserved, Vendor Specified | None | TRANSLATABLE= true |
PublicKeySize | uint16 |
Description | string | The length of the public key represented in the PublicKey property. | None | TRANSLATABLE= true |
SerialNumber | uint8 |
Description | string | Unique number that identifies this certificate. | None | TRANSLATABLE= true |
OctetString | boolean | true | None | OVERRIDABLE= false
|
SHA1Fingerprint | uint8 |
Description | string | Secure hashing algorithm, a cryptographic message digest algorithm used to verify data integrity by making replication of the fingerprint. The fingerprint is unique to the input data and contains the binary hash of the encoded X509 object such as encoded certificate or CRL. | None | TRANSLATABLE= true |
OctetString | boolean | true | None | OVERRIDABLE= false
|
Signature | uint8 |
Description | string | Certificate authority's or credential owner's identifying digest that confers validity on a signed credential. | None | TRANSLATABLE= true |
OctetString | boolean | true | None | OVERRIDABLE= false
|
SignatureAlgorithm | uint16 |
Description | string | Algorithm used to generate the signature. The algorithms specified are described in RFC3279. If the value of this property is 1, "Other", then the OtherSignatureAlgorithm shall be non NULL, non blank string | None | TRANSLATABLE= true |
ValueMap | string | 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19..32567, 32568..65535 | None | None |
Values | string | Other, SHA1withDSA, SHA1withECDSA, SHA224withECDSA, SHA256withECDSA, SHA384withECDSA, SHA512withECDSA, GOST3411withGOST3410, GOST3411withECGOST3410, MD2withRSA, MD5withRSA, SHA1withRSA, SHA224withRSA, SHA256withRSA, SHA384withRSA, SHA512withRSA, RIPEMD160withRSA, RIPEMD128withRSA, RIPEMD256withRSA, DMTF Reserved, Vendor Reserved | None | TRANSLATABLE= true |
SignatureAlgorithmOID | string |
Description | string | Object ID of the signature algorithm. | None | TRANSLATABLE= true |
Subject | string |
Description | string | Certificate subject identifier. | None | TRANSLATABLE= true |
MaxLen | uint32 | 256 | None | None |
SubjectUID | uint8 |
Description | string | Identifies the subject of the certificate. | None | TRANSLATABLE= true |
OctetString | boolean | true | None | OVERRIDABLE= false
|
TBSCertificate | uint8 |
Description | string | The To Be Signed (TBS) certificate is used as an input data to the signature algorithm when the certificate is signed or verified. | None | TRANSLATABLE= true |
OctetString | boolean | true | None | OVERRIDABLE= false
|
ValidFrom | datetime |
Description | string | Start date of the credential validity time period. If this information is not applicable, use a value of "99991231235959.999999+999", 1 microsecond before midnight, December 31, 9999 CE, at coordinated universal time + 999 minutes. On CreateInstance, if this property is unspecified, or set to NULL, then a value of "99991231235959.999999+999" is assumed. | None | TRANSLATABLE= true |
Experimental | boolean | true | TOSUBCLASS= false | None |
Version | string |
Description | string | Version of X.509. | None | TRANSLATABLE= true |
Copyright © 2008-2010 VMware, Inc. All rights reserved.