478
A certificate attribute group must be associated with an access control rule (a permit or deny
statement configured by using the rule command). If a certificate attribute group does not have any
attribute rules, the system determines that the all certificates match the associated access control
rule.
Examples
# Create a certificate attribute group named mygroup and enter its view.
<Sysname> system-view
[Sysname] pki certificate attribute-group mygroup
[Sysname-pki-cert-attribute-group-mygroup]
Related commands
attribute
display pki certificate attribute-group
rule
pki delete-certificate
Use pki delete-certificate to remove certificates from a PKI domain.
Syntax
pki delete-certificate domain domain-name { ca | local | peer [ serial serial-num ] }
Views
System view
Predefined user roles
network-admin
Parameters
domain-name: Specifies a PKI domain by its name, a case-insensitive string of 1 to 31 characters.
The domain name cannot contain the special characters listed in Table 68.
Table 68 Special characters
Tilde ~ Dot .
Asterisk * Left angle bracket <
Backslash \ Right angle bracket >
Vertical bar | Quotation marks "
Colon : Apostrophe '
ca: Specifies the CA certificate.
local: Specifies the local certificates.
peer: Specifies the peer certificates.
serial serial-num: Specifies a peer certificate by its serial number, a case-insensitive string of 1 to
127 characters. If you do not specify a serial number, this command removes all peer certificates in
the PKI domain.
Usage guidelines
When you remove the CA certificate in a PKI domain, the system also removes the local certificates,
peer certificates, and the CRL in the PKI domain.
To Next Page
Loading...
