In ca-certificate-map mode, you specify one or more
certificate fields together with their matching criteria and the
value to match.
field-name—Specifies one of the following case-
insensitive name strings or a date:
–subject-name
–issuer-name
–unstructured-subject-name
–alt-subject-name
–name
–valid-start
–expires-on
Note Date field format is dd mm yyyy hh:mm:ss or mm dd
yyyy hh:mm:ss.
match-criteria—Specifies one of the following
logical operators:
–eq—Equal (valid for name and date fields)
–ne—Not equal (valid for name and date fields)
–co—Contains (valid only for name fields)
–nc—Does not contain (valid only for name fields)
–lt —Less than (valid only for date fields)
–ge —Greater than or equal (valid only for date
fields)
match-value—Specifies the name or date to test with
the logical operator assigned by match-criteria.
Associates the certificate-based ACL defined with the crypto
pki certificate map command to the profile.
For example: To create a certificate map for IKEv1 to match four subject-name values of the peer
enter:
# conf t
(config)# crypto pki certificate map cert-map-match-all 99
(ca-certificate-map)# subject-name co cn=CC_PEER
(ca-certificate-map)# subject-name co o=ACME
(ca-certificate-map)# subject-name co ou=North America
To Next Page
Loading...
Need help?
General
