| To do… | Use the command… | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | — |
| 2. Delete certificates. | pki delete-certificate { ca \| local } domain domain-name | Required |
Configuring an access control policy
A certificate attribute-based access control policy lets you further restrict which client certificates the server accepts, based on the certificate issuer name, subject name, or alternative subject name, adding a layer of control beyond ordinary certificate validation.
To configure a certificate attribute-based access control policy:
| To do… | Use the command… | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | — |
| 2. Create a certificate attribute group and enter its view. | pki certificate attribute-group group-name | Required. No certificate attribute group exists by default. |
| 3. Configure an attribute rule for the certificate issuer name, certificate subject name, or alternative subject name. | attribute id { alt-subject-name { fqdn \| ip } \| { issuer-name \| subject-name } { dn \| fqdn \| ip } } { ctn \| equ \| nctn \| nequ } attribute-value | Optional. No restriction exists on the issuer name, certificate subject name, and alternative subject name by default. |
| 4. Return to system view. | quit | — |
| 5. Create a certificate attribute-based access control policy, and enter its view. | pki certificate access-control-policy policy-name | Required. No access control policy exists by default. |
| 6. Configure a certificate attribute-based access control rule. | rule [ id ] { deny \| permit } group-name | Required. No access control rule exists by default. A certificate attribute group must exist to be associated with a rule. |
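The following CLI session is added here as an illustration of the procedure above and is not taken from the manual: it builds two attribute groups and a policy whose deny rule is numbered ahead of its permit rule. The system name, the prompts, the group and policy names, and the attribute values are constructed.

```text
# Constructed example; prompts and names are illustrative, not from the manual.
<Sysname> system-view

# Group 1: certificates issued by the internal CA to the network-admin OU.
# A certificate must satisfy every attribute rule in a group to match the
# group (verify this matching behaviour in the guide for your release).
[Sysname] pki certificate attribute-group admin-certs
[Sysname-pki-cert-attribute-group-admin-certs] attribute 1 issuer-name dn ctn cn=corp-ca
[Sysname-pki-cert-attribute-group-admin-certs] attribute 2 subject-name dn ctn ou=netadmin
[Sysname-pki-cert-attribute-group-admin-certs] quit

# Group 2: any certificate whose alternative subject name carries a
# contractor FQDN, used only to deny.
[Sysname] pki certificate attribute-group contractor-certs
[Sysname-pki-cert-attribute-group-contractor-certs] attribute 1 alt-subject-name fqdn ctn contractor.example.net
[Sysname-pki-cert-attribute-group-contractor-certs] quit

# Policy: rule 1 denies before rule 2 permits, so a certificate that
# matches both groups is rejected.
[Sysname] pki certificate access-control-policy mgmt-access
[Sysname-pki-cert-acp-mgmt-access] rule 1 deny contractor-certs
[Sysname-pki-cert-acp-mgmt-access] rule 2 permit admin-certs
[Sysname-pki-cert-acp-mgmt-access] quit
```

Applying the policy to a service such as the HTTPS server is a separate step not covered in this section; check how certificates that match no rule are treated on your platform before relying on the permit rule alone.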
Displaying and maintaining PKI
| To do… | Use the command… | Remarks |
|---|---|---|
| Display the contents or request status of a certificate | display pki certificate { { ca \| local } domain domain-name \| request-status } [ \| { begin \| exclude \| include } regular-expression ] | Available in any view |
| Display CRLs | display pki crl domain domain-name [ \| { begin \| exclude \| include } regular-expression ] | Available in any view |