• Each of the subject name and the issuer name can contain only one DN, but they can contain
multiple FQDNs and IP addresses.
• The alternative subject name cannot contain the DN, but it can contain multiple FQDNs and IP
addresses.
Different combinations of attribute fields and operation keywords make different matching criteria, as
listed in Table 31.
Table 31 Combinations of attribute fields and operation keywords

Operation   DN                                                  FQDN/IP
ctn         The DN contains the specified attribute value.      Any FQDN or IP address contains the specified attribute value.
nctn        The DN does not contain the specified attribute     None of the FQDNs and IP addresses contain the specified
            value.                                              attribute value.
equ         The DN is the same as the specified attribute       Any FQDN or IP address is the same as the specified
            value.                                              attribute value.
nequ        The DN is not the same as the specified attribute   None of the FQDNs and IP addresses are the same as the
            value.                                              specified attribute value.
If a certificate contains an attribute that matches the criterion defined in the rule, the attribute matches the
rule. For example, a certificate attribute rule defines a criterion that the DN of the subject name contains
the string of abc. If a certificate has the DN in the subject name containing the string of abc, the subject
name matches the rule.
A certificate matches a certificate attribute group only when the attributes of the certificate match all
attribute rules in the group. If any mismatch is found, the certificate does not match the group.
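The matching semantics above (ctn, nctn, equ and nequ applied to a single DN or to a list of FQDNs and IP addresses, with a group matching only when every rule matches) can be made concrete with a small evaluator. The following is an added example written for this page, not Comware device code; the Certificate and NameField structures, the rule tuple layout and the sample certificate values are all constructed here for illustration. It also handles the edge cases the text implies: a name field with no entries of the requested type satisfies the negative operations, and a rule that asks for a DN in the alternative subject name is rejected because that field cannot carry one.

```python
# Added example (not Comware device code): evaluator for the certificate
# attribute rule semantics described in the text above. Subject name and
# issuer name carry at most one DN plus any number of FQDNs and IP addresses;
# the alternative subject name carries no DN. A rule is
# (field, value type, operation, value); a group matches only if every rule
# matches. All structures and sample values here are constructed.
from dataclasses import dataclass, field
from typing import List, Optional, Sequence, Tuple

# Value types each name field may legally carry, per the text above.
FIELD_TYPES = {
    "subject-name": {"dn", "fqdn", "ip"},
    "issuer-name": {"dn", "fqdn", "ip"},
    "alt-subject-name": {"fqdn", "ip"},
}


@dataclass
class NameField:
    dn: Optional[str] = None                      # at most one DN
    fqdn: List[str] = field(default_factory=list)  # zero or more FQDNs
    ip: List[str] = field(default_factory=list)    # zero or more IP addresses


@dataclass
class Certificate:
    subject_name: NameField
    issuer_name: NameField
    alt_subject_name: NameField

    def name_field(self, name: str) -> NameField:
        return {
            "subject-name": self.subject_name,
            "issuer-name": self.issuer_name,
            "alt-subject-name": self.alt_subject_name,
        }[name]


Rule = Tuple[str, str, str, str]  # (field, value type, operation, value)


def rule_matches(cert: Certificate, rule: Rule) -> bool:
    """Apply one attribute rule to a certificate.

    ctn / nctn: substring containment, or its absence.
    equ / nequ: exact equality, or its absence.
    A positive operation needs some candidate value to satisfy it; a negative
    operation needs no candidate to violate it, so an empty candidate list
    satisfies nctn/nequ ("None of the FQDNs and IP addresses ...").
    """
    field_name, value_type, op, value = rule
    if value_type not in FIELD_TYPES[field_name]:
        raise ValueError(f"{field_name} cannot carry a {value_type} value")
    nf = cert.name_field(field_name)
    # Gather candidates as a list so the DN and FQDN/IP cases share one path.
    if value_type == "dn":
        candidates = [nf.dn] if nf.dn is not None else []
    elif value_type == "fqdn":
        candidates = nf.fqdn
    else:
        candidates = nf.ip

    if op == "ctn":
        return any(value in c for c in candidates)
    if op == "nctn":
        return not any(value in c for c in candidates)
    if op == "equ":
        return any(c == value for c in candidates)
    if op == "nequ":
        return not any(c == value for c in candidates)
    raise ValueError(f"unknown operation {op!r}")


def group_matches(cert: Certificate, rules: Sequence[Rule]) -> bool:
    """A certificate matches the group only if it matches every rule."""
    return all(rule_matches(cert, r) for r in rules)


# The three rules from the Examples section, expressed as rule tuples.
MYGROUP: List[Rule] = [
    ("subject-name", "dn", "ctn", "abc"),
    ("issuer-name", "fqdn", "nequ", "abc"),
    ("alt-subject-name", "ip", "nequ", "10.0.0.1"),
]

# Constructed sample certificates (not real certificates).
CERT_OK = Certificate(
    subject_name=NameField(dn="CN=abc.example.com,O=Example"),
    issuer_name=NameField(dn="CN=Example CA", fqdn=["ca.example.com"]),
    alt_subject_name=NameField(fqdn=["abc.example.com"], ip=["10.0.0.2"]),
)
CERT_BAD_IP = Certificate(
    subject_name=NameField(dn="CN=abc.example.com,O=Example"),
    issuer_name=NameField(dn="CN=Example CA", fqdn=["ca.example.com"]),
    alt_subject_name=NameField(fqdn=["abc.example.com"], ip=["10.0.0.1"]),
)

if __name__ == "__main__":
    print("CERT_OK matches mygroup:", group_matches(CERT_OK, MYGROUP))          # True
    print("CERT_BAD_IP matches mygroup:", group_matches(CERT_BAD_IP, MYGROUP))  # False
```

CERT_BAD_IP fails only rule 3, which is enough for the whole group to mismatch, illustrating the all-rules-must-match requirement.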
Examples
# Create a certificate attribute group and enter its view.
<Sysname> system-view
[Sysname] pki certificate attribute-group mygroup
# Create a certificate attribute rule, specifying that the DN in the subject name contains the string of abc.
[Sysname-pki-cert-attribute-group-mygroup] attribute 1 subject-name dn ctn abc
# Create a certificate attribute rule, specifying that the FQDN in the issuer name cannot be the string of
abc.
[Sysname-pki-cert-attribute-group-mygroup] attribute 2 issuer-name fqdn nequ abc
# Create a certificate attribute rule, specifying that the IP address in the alternative subject name cannot
be 10.0.0.1.
[Sysname-pki-cert-attribute-group-mygroup] attribute 3 alt-subject-name ip nequ 10.0.0.1
Related commands
• display pki certificate attribute-group
• rule
ca identifier
Use ca identifier to specify the trusted CA.
Use undo ca identifier to remove the trusted CA.