Manualshelf

HP Comware 5 Debug Manual Vol 3

ManualsBrandsHP ManualsNetwork HardwareHP HSR6804 Router Chassis
211212213214215216217218219220
*0.35980270 Sysname PKI/7/PKI_Debug:PKI_Certificate: the attribute 3 Match in attribute
group '1'. Check the next attribute.
*0.35980425 Sysname PKI/7/PKI_Debug:PKI_Certificate: Match the rule id: 1, action: permit
in access control policy '1'. Access Permit
// The client certificate passed the certificate validation after it matched Attributes 1, 2, and 3 in the
certificate attribute group.
# Disable HTTPS service and add a new certificate attribute group.
<Sysname> system-view
[Sysname] undo ip https enable
[Sysname] pki certificate attribute-group 2
[Sysname-cert-attribute-group-2] attribute 1 issuer-name dn nctn ssl
[Sysname-cert-attribute-group-2] attribute 2 issuer-name dn nctn hhh01
[Sysname-cert-attribute-group-2] attribute 3 subject-name dn ctn ssl-client
[Sysname-cert-attribute-group-2] quit
[Sysname] pki certificate access-control-policy 2
[Sysname-cert-acp-2] rule 1 permit 2
[Sysname-cert-acp-2] quit
# Enable HTTPS service.
[Sysname] ip https certificate access-control-policy 2
[Sysname] ip https ssl-server-policy ssl
[Sysname]ip https enable
# Log in by using an IE browser.
*0.38231901 Sysname PKI/7/PKI_Debug:PKI_Certificate: the attribute 1 Not Match in
attribute group '2'.
*0.38232030 Sysname PKI/7/PKI_Debug:PKI_Certificate: Not match the rule 1 inaccess control
policy'2'. Check the next rule.
*0.38232190 Sysname PKI/7/PKI_Debug:PKI_Certificate: Certificate doesn't match any rules
in access control policy '2'. Access Deny
// The client certificate failed the certificate validation after it failed to match Attribute 1, 2, or 3 of the
certificate attribute group.
# Disable HTTPS service and apply multiple certificate attribute groups to the certificate attribute-based
access control policy.
[Sysname] undo ip https enable
[Sysname] pki certificate access-control-policy 2
[Sysname-cert-acp-2] rule 1 permit 2
[Sysname-cert-acp-2] rule 2 permit 1
[Sysname-cert-acp-2] quit
# Enable HTTPS service.
[Sysname] ip https certificate access-control-policy 2
[Sysname] ip https ssl-server-policy ssl
[Sysname] ip https enable
# Log in by using an IE browser.
*0.38011098 Sysname PKI/7/PKI_Debug:PKI_Certificate: the attribute 1 Not Match in
attribute group '2'.
*0.38011221 Sysname PKI/7/PKI_Debug:PKI_Certificate: Not match the rule 1 in access
control policy'2'. Check the next rule.
*0.38011383 Sysname PKI/7/PKI_Debug:PKI_Certificate: the attribute 1 Match in
211