Configuring an access control policy
A certificate attribute-based access control policy further restricts access to the server by permitting or denying certificates according to their attributes (issuer name, subject name, or alternative subject name), which provides additional security for the server.
Follow these steps to configure a certificate attribute-based access control policy:
| To do... | Use the command... | Remarks |
|---|---|---|
| Create a certificate attribute group and enter its view | pki certificate attribute-group group-name | Required. No certificate attribute group exists by default. |
| Configure an attribute rule for the certificate issuer name, certificate subject name, or alternative subject name | attribute id { alt-subject-name { fqdn \| ip } \| { issuer-name \| subject-name } { dn \| fqdn \| ip } } { ctn \| equ \| nctn \| nequ } attribute-value | Optional. No restriction is defined on the issuer name, certificate subject name, or alternative subject name by default. |
| Create a certificate attribute-based access control policy and enter its view | pki certificate access-control-policy policy-name | Required. No access control policy exists by default. |
| Configure a certificate attribute-based access control rule | rule [ id ] { deny \| permit } group-name | Required. No access control rule exists by default. |
CAUTION:
A certificate attribute group must exist to be associated with a rule.
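The procedure above as a complete CLI session, added here as an illustration and not taken from the original guide. It creates two attribute groups, binds them to one access control policy with a deny rule and a permit rule, and then runs the display commands to verify the result. The device name Sysname, the view prompts, and all group, policy and attribute values (ou=contractors, o=example, example.com) are assumed for illustration only; whether a certificate has to match every attribute rule in a group, and how a certificate that matches no rule is treated, are not stated on this page, so confirm those semantics in the full guide before relying on the policy.

```text
<Sysname> system-view
[Sysname] pki certificate attribute-group contractors
[Sysname-pki-cert-attribute-group-contractors] attribute 1 subject-name dn ctn ou=contractors
[Sysname-pki-cert-attribute-group-contractors] quit
[Sysname] pki certificate attribute-group corp-issued
[Sysname-pki-cert-attribute-group-corp-issued] attribute 1 issuer-name dn ctn o=example
[Sysname-pki-cert-attribute-group-corp-issued] attribute 2 alt-subject-name fqdn ctn example.com
[Sysname-pki-cert-attribute-group-corp-issued] quit
[Sysname] pki certificate access-control-policy ssl-clients
[Sysname-pki-cert-acp-ssl-clients] rule 1 deny contractors
[Sysname-pki-cert-acp-ssl-clients] rule 2 permit corp-issued
[Sysname-pki-cert-acp-ssl-clients] quit
[Sysname] display pki certificate attribute-group all
[Sysname] display pki certificate access-control-policy ssl-clients
```

Both groups are created before the policy references them, which is what the CAUTION requires. The deny rule is given the lower rule ID so that a contractor certificate issued by the corporate CA is rejected by rule 1 rather than accepted by rule 2; this assumes rules are evaluated in ascending ID order, so check that assumption in the full guide as well. The two display commands at the end let you confirm the attribute rules and the policy rules were stored exactly as intended.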
Displaying and maintaining PKI
| Task | Command |
|---|---|
| Display the contents or request status of a certificate | display pki certificate { { ca \| local } domain domain-name \| request-status } [ \| { begin \| exclude \| include } regular-expression ] |
| Display the CRL of a PKI domain | display pki crl domain domain-name [ \| { begin \| exclude \| include } regular-expression ] |
| Display information about one or all certificate attribute groups | display pki certificate attribute-group { group-name \| all } [ \| { begin \| exclude \| include } regular-expression ] |
| Display information about one or all certificate attribute-based access control policies | display pki certificate access-control-policy { policy-name \| all } [ \| { begin \| exclude \| include } regular-expression ] |