Configuring An Access Control Policy; Displaying And Maintaining Pki - HP A5830 Series Configuration Manual

To do...
Enter system view.
1.
2. Delete certificates.

Configuring an access control policy

When you configure a certificate attribute-based access control policy, you can further control access to
the server, providing additional security for the server.
To configure a certificate attribute-based access control policy:
To do...
1. Enter system view.
2. Create a certificate attribute
group and enter its view.
3. Configure an attribute rule for
the certificate issuer name,
certificate subject name, or
alternative subject name.
4. Return to system view.
5. Create a certificate attribute-
based access control policy,
and enter its view.
6. Configure a certificate
attribute-based access control
rule.

Displaying and maintaining PKI

To do...
Display the contents or request
status of a certificate
Display CRLs
Use the command...
system-view
pki delete-certificate { ca | local }
domain domain-name
Use the command...
system-view
pki certificate attribute-group
group-name
attribute id { alt-subject-name {
fqdn | ip } | { issuer-name |
subject-name } { dn | fqdn | ip } }
{ ctn | equ | nctn | nequ }
attribute-value
quit
pki certificate access-control-policy
policy-name
rule [ id ] { deny | permit } group-
name
Use the command...
display pki certificate { { ca |
local } domain domain-name |
request-status } [ | { begin |
exclude | include } regular-
expression ]
display pki crl domain domain-
name [ | { begin | exclude |
include } regular-expression ]
157
Remarks
—
Required
Remarks
—
Required.
No certificate attribute group
exists by default.
Optional.
No restriction exists on the issuer
name, certificate subject name,
and alternative subject name by
default.
—
Required.
No access control policy exists by
default.
Required.
No access control rule exists by
default.
A certificate attribute group must
exist to be associated with a rule.
Remarks
Available in any view
Available in any view