F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices VPN Command Reference-6PW100
127
<Sysname> system-view
[Sysname] pki certificate attribute-group mygroup
[Sysname-pki-cert-attribute-group-mygroup] attribute 1 subject-name dn ctn abc
# Create a certificate attribute rule, specifying that the FQDN in the issuer name cannot be the string of
abc.
[Sysname-pki-cert-attribute-group-mygroup] attribute 2 issuer-name fqdn nequ abc
# Create a certificate attribute rule, specifying that the IP address in the alternative subject name cannot
be 10.0.0.1.
[Sysname-pki-cert-attribute-group-mygroup] attribute 3 alt-subject-name ip nequ 10.0.0.1
ca identifier
Use ca identifier to specify the trusted CA and bind the device with the CA.
Use undo ca identifier to remove the configuration.
Syntax
ca identifier name
undo ca identifier
Default
No trusted CA is specified for a PKI domain.
Views
PKI domain view
Default command level
2: System level
Parameters
name: Name of the trusted CA, a case-insensitive string of 1 to 63 characters.
Usage guidelines
Certificate request, retrieval, revocation, and query depend on the trusted CA.
Examples
# Specify the trusted CA as new-ca.
<Sysname> system-view
[Sysname] pki domain 1
[Sysname-pki-domain-1] ca identifier new-ca
certificate request entity
Use certificate request entity to specify the entity for certificate request.
Use undo certificate request entity to remove the configuration.
Syntax
certificate request entity entity-name
undo certificate request entity