EasyManuals Logo

HP 5920 User Manual

HP 5920
418 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #184 background imageLoading...
Page #184 background image
nequ: Specifies the not-equal operation.
attribute-value: Sets an attribute value for the rule, a case-insensitive string of 1 to 128 characters.
Usage guidelines
Different attributes contains different attribute fields:
• Each of the subject name and the issuer name can contain only one DN, but can contain multiple
FQDNs and IP addresses.
• The alternative subject name cannot contain the DN, but can contain multiple FQDNs and IP
addresses.
Different combinations of attribute fields and operation keywords make different matching criteria, as
listed in Table 22.
Table 22 Combinations of attribute fields and operation keywords
O
p
eration DN
FQDN/IP
ctn
The DN contains the specified
attribute value.
Any FQDN or IP address contains the specified attribute
value.
nctn
The DN does not the specified
attribute value.
All FQDNs and IP addresses do not contain the specified
attribute value.
equ
The DN is exactly the same as
the specified attributed value.
Any FQDN or IP address is the same as the specified
attribute value.
nequ
The DN is not the same as the
specified attributed value.
None of the FQDNs and IP addresses is the same as the
specified attribute value.
If a certificate contains an attribute that matches the criterion defined in the rule, the attribute matches the
rule. For example, a certificate attribute rule defines a criterion that the DN of the subject name contains
the string of abc. If a certificate has the DN in the subject name containing the string of abc, the subject
name matches the rule.
A certificate matches a certificate attribute group only when the attributes of the certificate matches all
attribute rules in the group. If any mismatch is found, the certificate does not match the group.
Examples
# Create a certificate attribute group and enter its view.
<Sysname> system-view
[Sysname] pki certificate attribute-group mygroup
# Create a certificate attribute rule, specifying that the DN in the subject name contains the string of abc.
[Sysname-pki-cert-attribute-group-mygroup] attribute 1 subject-name dn ctn abc
# Create a certificate attribute rule, specifying that the FQDN in the issuer name cannot be the string of
abc.
[Sysname-pki-cert-attribute-group-mygroup] attribute 2 issuer-name fqdn nequ abc
# Create a certificate attribute rule, specifying that the IP address in the alternative subject name cannot
be 10.0.0.1.
[Sysname-pki-cert-attribute-group-mygroup] attribute 3 alt-subject-name ip nequ 10.0.0.1
172

Table of Contents

Other manuals for HP 5920

Preview: Configuration Guide
Configuration Guide322 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the HP 5920 and is the answer not in the manual?

HP 5920 Specifications

General IconGeneral
BrandHP
Model5920
CategorySwitch
LanguageEnglish

Related product manuals