Ca Identifier - H3C MSR Series Command Reference Manual

Comware 7 security

The subject name field and the issuer name field can contain a single DN, multiple FQDNs, and multiple IP addresses.
The alternative subject name field can contain multiple FQDNs and IP addresses but zero DNs.
An attribute rule is a combination of an attribute-value pair with an operation keyword, as listed in Table 57.

Table 57 Combinations of attribute-value pairs and operation keywords

| Operation | DN | FQDN/IP |
|---|---|---|
| ctn | The DN contains the specified attribute value. | Any FQDN or IP address contains the specified attribute value. |
| nctn | The DN does not contain the specified attribute value. | None of the FQDNs or IP addresses contain the specified attribute value. |
| equ | The DN is the same as the specified attribute value. | Any FQDN or IP address is the same as the specified attribute value. |
| nequ | The DN is not the same as the specified attribute value. | None of the FQDNs or IP addresses are the same as the specified attribute value. |

A certificate matches an attribute rule if it contains an attribute that matches the criterion defined in the rule. For example, a certificate matches the attribute 1 subject-name dn ctn abc rule if it meets the following conditions:
- The subject name field of the certificate contains the DN attribute.
- The DN attribute value contains the abc string.
A certificate matches an attribute group if it matches all attribute rules in the group.
Examples
# Create a certificate attribute group and enter its view.
<Sysname> system-view
[Sysname] pki certificate attribute-group mygroup
# Specify an attribute rule to match certificates that contain the abc string in the subject DN.
[Sysname-pki-cert-attribute-group-mygroup] attribute 1 subject-name dn ctn abc
# Specify an attribute rule to match certificates that do not contain FQDN abc in the issuer name field.
[Sysname-pki-cert-attribute-group-mygroup] attribute 2 issuer-name fqdn nequ abc
# Specify an attribute rule to match certificates that do not contain IP address 10.0.0.1 in the alternative subject name field.
[Sysname-pki-cert-attribute-group-mygroup] attribute 3 alt-subject-name ip nequ 10.0.0.1
Related commands
display pki certificate attribute-group
rule

ca identifier

Use ca identifier to specify the trusted CA.
Use undo ca identifier to restore the default.
Syntax
ca identifier name
undo ca identifier
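
The Table 57 matching rules for the attribute command described before the ca identifier section, applied to the three mygroup rules from its Examples, as an added Python illustration; it is not H3C code. The certificate values are constructed, string comparison is assumed to be case-sensitive, and a rule is assumed not to match when the named field carries no attribute of that type.

```python
from __future__ import annotations
from dataclasses import dataclass, field

@dataclass
class NameField:
    """One certificate name field: at most one DN, any number of FQDNs/IPs."""
    dn: str | None = None
    fqdn: list[str] = field(default_factory=list)
    ip: list[str] = field(default_factory=list)

@dataclass(frozen=True)
class Rule:
    name_field: str  # subject-name | issuer-name | alt-subject-name
    attr: str        # dn | fqdn | ip
    op: str          # ctn | nctn | equ | nequ
    value: str

def rule_matches(cert: dict[str, NameField], rule: Rule) -> bool:
    if rule.op not in ("ctn", "nctn", "equ", "nequ"):
        raise ValueError(f"unknown operation keyword: {rule.op}")
    nf = cert.get(rule.name_field, NameField())
    values = ([nf.dn] if nf.dn else []) if rule.attr == "dn" else getattr(nf, rule.attr)
    if not values:
        return False  # assumption: the attribute must be present for a rule to match
    if rule.op in ("ctn", "nctn"):
        hit = any(rule.value in v for v in values)   # substring comparison
    else:
        hit = any(rule.value == v for v in values)   # exact comparison
    # ctn/equ: "any" value hits; nctn/nequ: "none of" the values may hit.
    return hit if rule.op in ("ctn", "equ") else not hit

def group_matches(cert: dict[str, NameField], rules: list[Rule]) -> bool:
    """A certificate matches a group only if it matches every rule in it."""
    return all(rule_matches(cert, r) for r in rules)

# The three rules of attribute group "mygroup" from the Examples.
MYGROUP = [
    Rule("subject-name", "dn", "ctn", "abc"),
    Rule("issuer-name", "fqdn", "nequ", "abc"),
    Rule("alt-subject-name", "ip", "nequ", "10.0.0.1"),
]

# Constructed sample certificates (not taken from the manual).
CERT_OK = {
    "subject-name": NameField(dn="CN=abc-router,O=Example"),
    "issuer-name": NameField(fqdn=["ca.example.com"]),
    "alt-subject-name": NameField(ip=["10.0.0.2"]),
}
# Same certificate, but one of its alternative-name IPs is 10.0.0.1.
CERT_BAD = {**CERT_OK, "alt-subject-name": NameField(ip=["10.0.0.2", "10.0.0.1"])}
```

Because nequ compares whole values, a rule such as issuer-name fqdn nequ abc still matches an issuer FQDN like abc.example.com; nctn is the keyword that excludes every value containing the string.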