Pki Delete-Certificate - H3C MSR Series Command Reference Manual

A certificate attribute group must be associated with an access control rule (a permit or deny
statement configured by using the rule command). If a certificate attribute group does not have any
attribute rules, the system determines that the all certificates match the associated access control
rule.
Examples
# Create a certificate attribute group named mygroup and enter its view.
<Sysname> system-view
[Sysname] pki certificate attribute-group mygroup
[Sysname-pki-cert-attribute-group-mygroup]
Related commands
attribute
display pki certificate attribute-group
rule

pki delete-certificate

Use pki delete-certificate to remove certificates from a PKI domain.
Syntax
pki delete-certificate domain domain-name { ca | local | peer [ serial serial-num ] }
Views
System view
Predefined user roles
network-admin
Parameters
domain-name: Specifies a PKI domain by its name, a case-insensitive string of 1 to 31 characters.
The domain name cannot contain the special characters listed in
Table 68 Special characters
Character name
Tilde
Asterisk
Backslash
Vertical bar
Colon
ca: Specifies the CA certificate.
local: Specifies the local certificates.
peer: Specifies the peer certificates.
serial serial-num: Specifies a peer certificate by its serial number, a case-insensitive string of 1 to
127 characters. If you do not specify a serial number, this command removes all peer certificates in
the PKI domain.
Usage guidelines
When you remove the CA certificate in a PKI domain, the system also removes the local certificates,
peer certificates, and the CRL in the PKI domain.
Symbol
~
*
\
|
:
478
Table 68.
Character name
Dot
Left angle bracket
Right angle bracket
Quotation marks
Apostrophe
Symbol
.
<
>
"
'