Configuring An Access Control Policy; Displaying And Maintaining Pki - H3C S3100 Series Operation Manual

Configuring an Access Control Policy

By configuring a certificate attribute-based access control policy, you can further control access to the
server, providing additional security for the server.
Follow these steps to configure a certificate attribute-based access control policy:
To do...
Enter system view
Create a certificate attribute
group and enter its view
Configure an attribute rule for
the certificate issuer name,
certificate subject name, or
alternative subject name
Return to system view
Create a certificate
attribute-based access control
policy and enter its view
Configure a certificate
attribute-based access control
rule
A certificate attribute group must exist to be associated with a rule.

Displaying and Maintaining PKI

To do...
Display the contents or request
status of a certificate
Display CRLs
Display information about one
or all certificate attribute groups
Display information about one
or all certificate attribute-based
access control policies
Use the command...
system-view
pki certificate attribute-group
group-name
attribute id { alt-subject-name
{ fqdn | ip } | { issuer-name |
subject-name } { dn | fqdn |
ip } } { ctn | equ | nctn | nequ }
attribute-value
quit
pki certificate
access-control-policy
policy-name
rule [ id ] { deny | permit }
group-name
Use the command...
display pki certificate { { ca |
local } domain domain-name |
request-status }
display pki crl domain
domain-name
display pki certificate
attribute-group { group-name |
all }
display pki certificate
access-control-policy
{ policy-name | all }
1-12
Remarks
—
Required
No certificate attribute group
exists by default.
Optional
There is no restriction on the
issuer name, certificate subject
name and alternative subject
name by default.
—
Required
No access control policy exists
by default.
Required
No access control rule exists by
default.
Remarks
Available in any view
Available in any view
Available in any view
Available in any view