R2511-HP MSR Router Series Security Command Reference(V5)

306

PKI configuration commands

The following matrix shows the FIPS and hardware compatibility:

Hardware FIPS mode

MSR900 No.

MSR93X No.

MSR20-1X No.

MSR20 Yes.

MSR30 Yes (except the MSR30-16).

MSR50 Yes.

MSR1000 Yes.

attribute

Use attribute to configure the attribute rules of the certificate issuer name, certificate subject name and

alternative certificate subject name.

Use undo attribute to delete the attribute rules of one or all certificates.

Syntax

attribute id { alt-subject-name { fqdn | ip } | { issuer-name | subject-name } { dn | fqdn | ip } } { ctn |

equ | nctn | nequ } attribute-value

undo attribute { id | all }

Default

No restriction exists on the issuer name, subject name, and alternative subject name of a certificate.

Views

Certificate attribute group view

Default command level

2: System level

Parameters

id: Specifies a sequence number for the attribute rule, in the range of 1 to 16.

alt-subject-name: Specifies the name of the alternative certificate subject.

fqdn: Specifies the FQDN of the entity.

ip: Specifies the IP address of the entity.

issuer-name: Specifies the name of the certificate issuer.

subject-name: Specifies the name of the certificate subject.

dn: Specifies the distinguished name of the entity.