Ca Identifier - H3C MSR 20-20 Command Reference Manual
Msr 20/30/50 series routers
Hide thumbs
Also See for MSR 20-20:
- Installation manual (73 pages) ,
- User manual (60 pages) ,
- Supplementary manual (6 pages)
Table of Contents
Advertisement
2044
C
134: PKI C
HAPTER
Example
ca identifier
Syntax
View
Parameter
Description
Example
C
ONFIGURATION
OMMANDS
By default, there is no restriction on the issuer name, the subject name and the
alternative subject name of a certificate.
Note that the attribute of the alternative certificate subject name does not appear
as a domain name, and therefore the dn keyword is not available for the attribute.
# Create a certificate attribute rule, specifying that the DN in the subject name
includes the string of abc.
<Sysname> system-view
[Sysname] pki certificate attribute-group mygroup
[Sysname-pki-cert-attribute-group-mygroup] attribute 1 subject-name
dn ctn abc
# Create a certificate attribute rule, specifying that the FQDN in the issuer name
cannot be the string of abc.
[Sysname-pki-cert-attribute-group-mygroup] attribute 2 issuer-name f
qdn nequ abc
# Create a certificate attribute rule, specifying that the IP address in the alternative
subject name cannot be 10.0.0.1.
[Sysname-pki-cert-attribute-group-mygroup] attribute 3 alt-subject-n
ame ip nequ 10.0.0.1
ca identifier name
undo ca identifier
PKI domain view
name: Identifier of the trusted CA, a case-insensitive string of 1 to 63 characters
Use the
ca identifier
with the CA name.
Use the
undo ca identifier
By default, no trusted CA is specified for a PKI domain.
Certificate request, retrieval, revocation, and query all depend on the trusted CA.
# Specify the trusted CA as new-ca.
<Sysname> system-view
[Sysname] pki domain 1
[Sysname-pki-domain-1] ca identifier new-ca
command to specify the trusted CA, and bind the device
command to remove the configuration.
Advertisement
Chapters
Table of Contents
