For more information about the public-key local destroy command, see Security Command Reference.
Deleting a certificate
When a certificate requested manually is about to expire or you want to request a new certificate, you
can delete the current local certificate or CA certificate.
To delete a certificate:
1. Enter system view.
   Command: system-view
2. Delete certificates.
   Command: pki delete-certificate { ca | local } domain domain-name
Configuring an access control policy
By configuring a certificate attribute access control policy, you can further control access to the server,
providing additional security for the server.
To configure a certificate attribute access control policy:
1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Create a certificate attribute group and enter its view.
   Command: pki certificate attribute-group group-name
   Remarks: No certificate attribute group exists by default.
3. Configure an attribute rule for the certificate issuer name, certificate subject name, or alternative subject name.
   Command: attribute id { alt-subject-name { fqdn | ip } | { issuer-name | subject-name } { dn | fqdn | ip } } { ctn | equ | nctn | nequ } attribute-value
   Remarks: Optional. No restriction exists on the issuer name, certificate subject name and alternative subject name by default.
4. Return to system view.
   Command: quit
   Remarks: N/A
5. Create a certificate attribute access control policy and enter its view.
   Command: pki certificate access-control-policy policy-name
   Remarks: No access control policy exists by default.
6. Configure a certificate attribute access control rule.
   Command: rule [ id ] { deny | permit } group-name
   Remarks: No access control rule exists by default. A certificate attribute group must exist to be associated with a rule.
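The six steps above as one command sequence. This is an added example, not taken from the original guide: the group names, policy name, rule IDs and attribute values are constructed for illustration, and lines beginning with "#" are annotations, not commands to enter.

```comware
# Step 1: enter system view.
system-view

# Steps 2-4: a group describing the certificates to accept.
# ctn = contains, equ = equals, nctn = does not contain, nequ = does not equal.
pki certificate attribute-group corp-servers
 # Issuer distinguished name must contain "example-ca" (constructed value).
 attribute 1 issuer-name dn ctn example-ca
 # Subject FQDN must contain "corp.example.com" (constructed value).
 attribute 2 subject-name fqdn ctn corp.example.com
 quit

# Steps 2-4 again: a second group describing certificates to reject.
pki certificate attribute-group test-hosts
 # Alternative subject name FQDN contains "test" (constructed value).
 attribute 1 alt-subject-name fqdn ctn test
 quit

# Steps 5-6: the policy references the groups by name, so both
# groups must already exist before the rules are entered.
pki certificate access-control-policy server-access
 rule 1 deny test-hosts
 rule 2 permit corp-servers
 quit
```

Creating the groups before the policy satisfies the requirement in step 6 that a certificate attribute group exist before a rule references it.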
Displaying and maintaining PKI