R2511-HP MSR Router Series Security Command Reference(V5)

ctn: Specifies the contain operation.
equ: Specifies the equal operation.
nctn: Specifies the not-contain operation.
nequ: Specifies the not-equal operation.
attribute-value: Sets an attribute value for the rule, a case-insensitive string of 1 to 128 characters.
all: Specifies all certificate attributes.
Usage guidelines
The attribute of the alternative certificate subject name does not appear as a distinguished name, and therefore the dn keyword is not available for the attribute.
Examples
# Create a certificate attribute rule, specifying that the DN in the subject name contains the string abc.
<Sysname> system-view
[Sysname] pki certificate attribute-group mygroup
[Sysname-pki-cert-attribute-group-mygroup] attribute 1 subject-name dn ctn abc
# Create a certificate attribute rule, specifying that the FQDN in the issuer name cannot be the string abc.
[Sysname-pki-cert-attribute-group-mygroup] attribute 2 issuer-name fqdn nequ abc
# Create a certificate attribute rule, specifying that the IP address in the alternative subject name cannot be 10.0.0.1.
[Sysname-pki-cert-attribute-group-mygroup] attribute 3 alt-subject-name ip nequ 10.0.0.1
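The three rules above can be checked offline against sample certificate fields before they are applied to a device. The following Python model is an added example, not part of the HP reference or the device software; it assumes one value per attribute, and the names parse_rule, evaluate, check and the sample certificate are constructed for illustration.

```python
# Added illustration: offline model of the four rule operations (not device code).
OPS = {
    "ctn":  lambda have, want: want in have,       # contain
    "equ":  lambda have, want: have == want,       # equal
    "nctn": lambda have, want: want not in have,   # not-contain
    "nequ": lambda have, want: have != want,       # not-equal
}
FIELDS = {"subject-name", "issuer-name", "alt-subject-name"}
KINDS = {"dn", "fqdn", "ip"}

def parse_rule(line):
    """Parse 'attribute <id> <field> <kind> <op> <value>' as written in the examples."""
    words = line.split(None, 5)
    if len(words) != 6 or words[0] != "attribute":
        raise ValueError("unrecognized rule: " + line)
    _, rule_id, field, kind, op, value = words
    if field not in FIELDS or kind not in KINDS or op not in OPS:
        raise ValueError("unknown keyword in rule: " + line)
    if field == "alt-subject-name" and kind == "dn":
        # Usage guidelines: dn is not available for the alternative subject name.
        raise ValueError("dn is not available for alt-subject-name")
    if not 1 <= len(value) <= 128:
        raise ValueError("attribute-value must be 1 to 128 characters")
    return int(rule_id), field, kind, op, value

def evaluate(rule, cert):
    """Return True/False for a match, or None when the certificate lacks the
    attribute (the page does not say how the device treats that case)."""
    _, field, kind, op, value = rule
    have = cert.get(field, {}).get(kind)
    if have is None:
        return None
    # attribute-value is case-insensitive, so compare lowercased strings.
    return OPS[op](have.lower(), value.lower())

# Constructed sample certificate fields (assumption: one value per attribute).
SAMPLE_CERT = {
    "subject-name": {"dn": "CN=router1,O=ABC Corp,C=US"},
    "issuer-name": {"dn": "CN=Example CA", "fqdn": "ca.example.com"},
    "alt-subject-name": {"ip": "10.0.0.1"},
}
PAGE_RULES = [
    "attribute 1 subject-name dn ctn abc",
    "attribute 2 issuer-name fqdn nequ abc",
    "attribute 3 alt-subject-name ip nequ 10.0.0.1",
]

def check(cert, rule_lines=PAGE_RULES):
    """Evaluate each rule independently; returns {rule id: result}."""
    return {r[0]: evaluate(r, cert) for r in map(parse_rule, rule_lines)}
```

Each rule is evaluated on its own because this page does not describe how the rules in a group are combined.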
ca identifier
Use ca identifier to specify the trusted CA and bind the device with the CA.
Use undo ca identifier to remove the configuration.
Syntax
ca identifier name
undo ca identifier
Default
No trusted CA is specified for a PKI domain.
Views
PKI domain view
Default command level
2: System level
Parameters
name: Specifies the name of the trusted CA, a case-insensitive string of 1 to 63 characters.
Usage guidelines
Certificate request, retrieval, revocation, and query depend on the trusted CA.