Deleting A Certificate; Configuring An Access Control Policy - HP 3600 v2 Series Security Configuration Manual

Deleting a certificate

When a certificate requested manually is about to expire or you want to request a new certificate, you
can delete the current local certificate or CA certificate.
Follow these steps to delete a certificate:
To do...
Enter system view
Delete certificates

Configuring an access control policy

By configuring a certificate attribute-based access control policy, you can further control access to the
server, providing additional security for the server.
Follow these steps to configure a certificate attribute-based access control policy:
To do...
Enter system view
Create a certificate attribute group
and enter its view
Configure an attribute rule for the
certificate issuer name, certificate
subject name, or alternative
subject name
Return to system view
Create a certificate attribute-based
access control policy and enter its
view
Configure a certificate
attribute-based access control rule
Use the command...
system-view
pki delete-certificate { ca | local }
domain domain-name
Use the command...
system-view
pki certificate attribute-group
group-name
attribute id { alt-subject-name
{ fqdn | ip } | { issuer-name |
subject-name } { dn | fqdn | ip } }
{ ctn | equ | nctn | nequ }
attribute-value
quit
pki certificate access-control-policy
policy-name
rule [ id ] { deny | permit }
group-name
250
Remarks
—
Required
Remarks
—
Required
No certificate attribute group
exists by default.
Optional
No restriction exists on the issuer
name, certificate subject name
and alternative subject name by
default.
—
Required
No access control policy exists by
default.
Required
No access control rule exists by
default.
A certificate attribute group must
exist to be associated with a rule.