Rule (Pki Cert Acp View) - HPE FlexNetwork HSR6800 Security Command Reference

Default command level
2: System level
Parameters
md5: Uses an MD5 fingerprint.
sha1: Uses a SHA1 fingerprint.
string: Specifies the fingerprint to be used. An MD5 fingerprint must be a string of 32 characters in
hexadecimal. A SHA1 fingerprint must be a string of 40 characters in hexadecimal.
Examples
# Configure an MD5 fingerprint for verifying the validity of the CA root certificate.
<Sysname> system-view
[Sysname] pki domain 1
[Sysname-pki-domain-1] root-certificate fingerprint md5
12EF53FA355CD23E12EF53FA355CD23E
# Configure a SHA1 fingerprint for verifying the validity of the CA root certificate.
[Sysname-pki-domain-1] root-certificate fingerprint sha1
D1526110AAD7527FB093ED7FC037B0B3CDDDAD93

rule (PKI CERT ACP view)

Use rule to create a certificate attribute access control rule.
Use undo rule to delete one or all access control rules.
Syntax
rule [ id ] { deny | permit } group-name
undo rule { id | all }
Default
No access control rule exists.
Views
PKI certificate access control policy view
Default command level
2: System level
Parameters
id: Specifies the ID of the certificate attribute access control rule. The value range is 1 to 16, and the
default is the smallest unused number in this range.
deny: Indicates that a certificate whose attributes match an attribute rule in the specified attribute
group is considered invalid and denied.
permit: Indicates that a certificate whose attributes match an attribute rule in the specified attribute
group is considered valid and permitted.
group-name: Specifies a certificate attribute group by its name, a case-insensitive string of 1 to 16
characters. It cannot be a, al, or all.
all: Specifies all access control rules.
Usage guidelines
A certificate attribute group must exist to be associated with a rule.
250