HP 5920 Command Reference Manual page 184


nequ: Specifies the not-equal operation.
attribute-value: Sets an attribute value for the rule, a case-insensitive string of 1 to 128 characters.
Usage guidelines
Different attributes contain different attribute fields:
- Each of the subject name and the issuer name can contain only one DN, but can contain multiple FQDNs and IP addresses.
- The alternative subject name cannot contain the DN, but can contain multiple FQDNs and IP addresses.
Different combinations of attribute fields and operation keywords make different matching criteria, as listed in Table 22.

Table 22 Combinations of attribute fields and operation keywords

| Operation | DN | FQDN/IP |
|---|---|---|
| ctn | The DN contains the specified attribute value. | Any FQDN or IP address contains the specified attribute value. |
| nctn | The DN does not contain the specified attribute value. | All FQDNs and IP addresses do not contain the specified attribute value. |
| equ | The DN is exactly the same as the specified attribute value. | Any FQDN or IP address is the same as the specified attribute value. |
| nequ | The DN is not the same as the specified attribute value. | None of the FQDNs and IP addresses is the same as the specified attribute value. |

If a certificate contains an attribute that matches the criterion defined in the rule, the attribute matches the rule. For example, a certificate attribute rule defines a criterion that the DN of the subject name contains the string abc. If a certificate has a DN in the subject name that contains the string abc, the subject name matches the rule.

A certificate matches a certificate attribute group only when the attributes of the certificate match all attribute rules in the group. If any mismatch is found, the certificate does not match the group.

Examples
# Create a certificate attribute group and enter its view.
<Sysname> system-view
[Sysname] pki certificate attribute-group mygroup
# Create a certificate attribute rule, specifying that the DN in the subject name contains the string abc.
[Sysname-pki-cert-attribute-group-mygroup] attribute 1 subject-name dn ctn abc
# Create a certificate attribute rule, specifying that the FQDN in the issuer name cannot be the string abc.
[Sysname-pki-cert-attribute-group-mygroup] attribute 2 issuer-name fqdn nequ abc
# Create a certificate attribute rule, specifying that the IP address in the alternative subject name cannot be 10.0.0.1.
[Sysname-pki-cert-attribute-group-mygroup] attribute 3 alt-subject-name ip nequ 10.0.0.1
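The matching semantics of Table 22 and the rule that a group matches only when every rule matches can be modeled in a few lines of Python. This is an added example, not HP's implementation: the dictionary layout of a certificate, the function names, the sample certificates and the comparison of IP addresses as plain strings are assumptions, while the three rules are the ones configured in the Examples section.

```python
# Added illustration of Table 22's matching semantics; not HP's implementation.
# Assumptions: certificates are plain dicts, and all values (including IP
# addresses) are compared as case-insensitive strings.
NEGATED = {"nctn", "nequ"}
OPERATIONS = {"ctn", "nctn", "equ", "nequ"}

def _hit(op, candidate, value):
    """True if one certificate value satisfies the positive form of op."""
    c, v = candidate.lower(), value.lower()
    return v in c if op in ("ctn", "nctn") else c == v

def rule_matches(cert, rule):
    """rule is (attribute, field, operation, value)."""
    attribute, field, op, value = rule
    if op not in OPERATIONS:
        raise ValueError(f"unknown operation: {op}")
    if attribute == "alt-subject-name" and field == "dn":
        raise ValueError("the alternative subject name cannot contain a DN")
    present = cert.get(attribute, {}).get(field, [])
    # A name holds at most one DN but may hold several FQDNs and IP addresses.
    values = [present] if isinstance(present, str) else list(present)
    any_hit = any(_hit(op, c, value) for c in values)
    # ctn/equ: some value hits. nctn/nequ: no value hits.
    return not any_hit if op in NEGATED else any_hit

def group_matches(cert, rules):
    """A certificate matches the group only if every rule matches."""
    return all(rule_matches(cert, r) for r in rules)

# The three rules from the Examples section (group "mygroup").
MYGROUP = [
    ("subject-name", "dn", "ctn", "abc"),
    ("issuer-name", "fqdn", "nequ", "abc"),
    ("alt-subject-name", "ip", "nequ", "10.0.0.1"),
]

# Constructed sample certificates (not from the manual).
CERT_OK = {
    "subject-name": {"dn": "CN=ABC-router,O=Example"},
    "issuer-name": {"dn": "CN=Example CA", "fqdn": ["ca.example.test"]},
    "alt-subject-name": {"ip": ["10.0.0.2"], "fqdn": ["r1.example.test"]},
}
# Same certificate, but one of its alternative-name IPs is 10.0.0.1.
CERT_BAD = {**CERT_OK, "alt-subject-name": {"ip": ["10.0.0.2", "10.0.0.1"]}}

if __name__ == "__main__":
    print("CERT_OK matches mygroup: ", group_matches(CERT_OK, MYGROUP))
    print("CERT_BAD matches mygroup:", group_matches(CERT_BAD, MYGROUP))
```

In this model a negated rule (nctn, nequ) is satisfied when the field holds no values at all. The manual does not state how the device treats an absent field, so check that on the device before relying on a negated rule alone.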

This manual is also suitable for:

5900, 5920 series, 5900 series
