1. Enter system view.
   Command: system-view
2. Destroy a local RSA key pair.
   Command: public-key local destroy rsa
Deleting a certificate
When a certificate requested manually is about to expire or you want to request a new certificate, you
can delete the current local certificate or CA certificate.
To delete a certificate:
1. Enter system view.
   Command: system-view
2. Delete certificates.
   Command: pki delete-certificate { ca | local } domain domain-name
Configuring a certificate access control policy
By configuring a certificate access control policy, you can further control access to the server,
providing additional security for the server.
To configure a certificate access control policy:
1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Create a certificate attribute group and enter its view.
   Command: pki certificate attribute-group group-name
   Remarks: No certificate attribute group exists by default.
3. Configure an attribute rule for the certificate issuer name, certificate subject name, or alternative subject name.
   Command: attribute id { alt-subject-name { fqdn | ip } | { issuer-name | subject-name } { dn | fqdn | ip } } { ctn | equ | nctn | nequ } attribute-value
   Remarks: Optional. No restriction exists on the issuer name, certificate subject name and alternative subject name by default.
4. Return to system view.
   Command: quit
   Remarks: N/A
5. Create a certificate access control policy and enter its view.
   Command: pki certificate access-control-policy policy-name
   Remarks: No access control policy exists by default.
6. Configure a certificate access control rule.
   Command: rule [ id ] { deny | permit } group-name
   Remarks: No access control rule exists by default. A certificate attribute group must exist to be associated with a rule.
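The six steps above carried through once, as an added example that is not part of the original guide. The group names, policy name and attribute values are constructed, and the lines starting with # are annotations rather than commands.

```text
# Step 1: enter system view.
system-view

# Steps 2-4: attribute group "retired-issuer" (constructed name).
# issuer-name takes one of dn | fqdn | ip; ctn = contains.
pki certificate attribute-group retired-issuer
 attribute 1 issuer-name dn ctn oldca
 quit

# Steps 2-4 again: attribute group "corp-clients" (constructed name).
# Rule 1: subject-name DN contains the string "example".
# Rule 2: alt-subject-name takes only fqdn | ip; nequ = does not equal.
# (equ = equals and nctn = does not contain are the other two operators.)
pki certificate attribute-group corp-clients
 attribute 1 subject-name dn ctn example
 attribute 2 alt-subject-name fqdn nequ test.example.com
 quit

# Steps 5-6: policy "web-acp" (constructed name). Each rule names an
# attribute group that already exists, as the step 6 remark requires.
pki certificate access-control-policy web-acp
 rule 1 deny retired-issuer
 rule 2 permit corp-clients
```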