Note that the attribute of the alternative certificate subject name does not appear as a distinguished
name, and therefore the dn keyword is not available for the attribute.
Examples
# Create a certificate attribute rule, specifying that the DN in the subject name includes the string of abc.
<Sysname> system-view
[Sysname] pki certificate attribute-group mygroup
[Sysname-pki-cert-attribute-group-mygroup] attribute 1 subject-name dn ctn abc
# Create a certificate attribute rule, specifying that the FQDN in the issuer name cannot be the string of
abc.
[Sysname-pki-cert-attribute-group-mygroup] attribute 2 issuer-name fqdn nequ abc
# Create a certificate attribute rule, specifying that the IP address in the alternative subject name cannot
be 10.0.0.1.
[Sysname-pki-cert-attribute-group-mygroup] attribute 3 alt-subject-name ip nequ 10.0.0.1
ca identifier
Syntax
ca identifier name
undo ca identifier
View
PKI domain view
Default Level
2: System level
Parameters
name: Identifier of the trusted CA, a case-insensitive string of 1 to 63 characters.
Description
Use the ca identifier command to specify the trusted CA and bind the device with the CA.
Use the undo ca identifier command to remove the configuration.
By default, no trusted CA is specified for a PKI domain.
Certificate request, retrieval, revocation, and query all depend on the trusted CA.
Examples
# Specify the trusted CA as new-ca.
<Sysname> system-view
[Sysname] pki domain 1
[Sysname-pki-domain-1] ca identifier new-ca
1-2