Manualshelf

HP Comware 5 Debug Manual Vol 3

ManualsBrandsHP ManualsNetwork HardwareHP HSR6804 Router Chassis
211212213214215216217218219220
Figure 2 IE client certificate
# Configure a certificate attribute group and a certificate attribute-based access control policy on the
device.
<Sysname> system-view
[Sysname] pki certificate attribute-group 1
[Sysname-pki-cert-attribute-group-1] attribute 1 issuer-name dn ctn ssl
[Sysname-pki-cert-attribute-group-1] attribute 2 issuer-name dn nctn hhh01
[Sysname-pki-cert-attribute-group-1] attribute 3 subject-name dn ctn ssl-client
[Sysname-pki-cert-attribute-group-1] quit
[Sysname] pki certificate access-control-policy 1
[Sysname-pki-cert-acp-1] rule 1 permit 1
[Sysname-pki-cert-acp-1] quit
# Enable HTTPS service.
[Sysname] ip https certificate access-control-policy 1
[Sysname] ip https ssl-server-policy ssl
[Sysname]ip https enable
[Sysname] quit
# Enable debugging for certificate attribute-based access control policy and then log in through IE.
<Sysname> debugging pki certificate access-control-policy
*0.35979976 Sysname PKI/7/PKI_Debug:PKI_Certificate: the attribute 1 Match in attribute
group '1'. Check the next attribute.
*0.35980120 Sysname PKI/7/PKI_Debug:PKI_Certificate: the attribute 2 Match in attribute
group '1'. Check the next attribute.
210