Deleting a certificate
When a certificate requested manually is about to expire or when you want to request a new certificate,
delete the current local certificate or CA certificate.
1. Enter system view.
   Command: system-view
   Remarks: —
2. Delete certificates.
   Command: pki delete-certificate { ca | local } domain domain-name
   Remarks: Required

Configuring an access control policy
By configuring a certificate attribute-based access control policy, you can further control access to the server, providing additional security for the server.
To configure a certificate attribute-based access control policy:
1. Enter system view.
   Command: system-view
   Remarks: —
2. Create a certificate attribute group and enter its view.
   Command: pki certificate attribute-group group-name
   Remarks: Required. No certificate attribute group exists by default.
3. Configure an attribute rule for the certificate issuer name, certificate subject name, or alternative subject name.
   Command: attribute id { alt-subject-name { fqdn | ip } | { issuer-name | subject-name } { dn | fqdn | ip } } { ctn | equ | nctn | nequ } attribute-value
   Remarks: Optional. No restriction exists on the issuer name, certificate subject name, and alternative subject name by default.
4. Return to system view.
   Command: quit
   Remarks: —
5. Create a certificate attribute-based access control policy and enter its view.
   Command: pki certificate access-control-policy policy-name
   Remarks: Required. No access control policy exists by default.
6. Configure a certificate attribute-based access control rule.
   Command: rule [ id ] { deny | permit } group-name
   Remarks: Required. No access control rule exists by default. A certificate attribute group must exist to be associated with a rule.
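The six steps above, written out as one command sequence. This is an added example, not taken from the original manual: the group names (issuer-ok, host-blocked), the policy name (server-access) and every attribute value are constructed placeholders, and the lines starting with "#" are annotations, not commands to enter. The operators are ctn (contains), equ (equals), nctn (does not contain) and nequ (does not equal).

```text
# Added example; all names and values below are constructed placeholders.
system-view

# Group 1: issuer DN contains "example-ca" and subject FQDN does not contain "lab".
pki certificate attribute-group issuer-ok
attribute 1 issuer-name dn ctn example-ca
attribute 2 subject-name fqdn nctn lab
quit

# Group 2: alternative subject name IP equals 192.0.2.10.
pki certificate attribute-group host-blocked
attribute 1 alt-subject-name ip equ 192.0.2.10
quit

# Policy: rule 1 denies certificates in group 2, rule 2 permits certificates in group 1.
# Both groups are created first because a rule can only reference an existing group.
pki certificate access-control-policy server-access
rule 1 deny host-blocked
rule 2 permit issuer-ok
```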