R2511-HP MSR Router Series Security Command Reference(V5)
[Sysname-pki-domain-1] root-certificate fingerprint sha1 D1526110AAD7527FB093ED7FC037B0B3CDDDAD93
rule (PKI CERT ACP view)
Use rule to create a certificate attribute access control rule.
Use undo rule to delete one or all access control rules.
Syntax
rule [ id ] { deny | permit } group-name
undo rule { id | all }
Default
No access control rule exists.
Views
PKI certificate access control policy view
Default command level
2: System level
Parameters
id: Assigns a number to the statement, in the range of 1 to 16. The default is the smallest unused number
in this range.
deny: Denies the certificates that match the associated certificate group.
permit: Permits the certificates that match the associated certificate group.
group-name: Specifies a certificate attribute group by its name, a case-insensitive string of 1 to 16
characters. It cannot be a, al, or all.
all: Specifies all access control rules.
Usage guidelines
A certificate attribute group must exist to be associated with a rule.
Examples
# Create an access control rule, specifying that a certificate is considered valid when it matches an
attribute rule in the certificate attribute group mygroup.
<Sysname> system-view
[Sysname] pki certificate access-control-policy mypolicy
[Sysname-pki-cert-acp-mypolicy] rule 1 permit mygroup
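An added example, not part of the HP reference: a Python check that applies the parameter limits and the usage guideline above to a prepared configuration text before it is loaded on the device. It assumes groups are defined with pki certificate attribute-group (a command documented outside this section) and a "#"-separated saved-configuration layout; lint_acp and the sample text are constructed for illustration.

```python
import re

RESERVED = {"a", "al", "all"}   # names the reference forbids for group-name
GROUP_RE = re.compile(r"pki certificate attribute-group (\S+)$")
POLICY_RE = re.compile(r"pki certificate access-control-policy (\S+)$")
RULE_RE = re.compile(r"rule(?: (\d+))? (deny|permit) (\S+)$")

def lint_acp(config):
    """Return (line_no, message) findings for ACP rule lines in a config text."""
    lines = [ln.strip() for ln in config.splitlines()]
    # group-name is case-insensitive, so compare everything in lower case.
    groups = {m.group(1).lower() for m in map(GROUP_RE.match, lines) if m}
    findings, policy = [], None
    for no, ln in enumerate(lines, 1):
        m = POLICY_RE.match(ln)
        if m:
            policy = m.group(1)          # entering an ACP view
            continue
        m = RULE_RE.match(ln)
        if not (m and policy):
            if ln and not m:             # any other command leaves the ACP view
                policy = None
            continue
        rule_id, _action, group = m.groups()
        if rule_id is not None and not 1 <= int(rule_id) <= 16:
            findings.append((no, "rule id %s outside 1-16" % rule_id))
        if len(group) > 16:
            findings.append((no, "group-name longer than 16 characters"))
        elif group.lower() in RESERVED:
            findings.append((no, "group-name %r is reserved" % group))
        elif group.lower() not in groups:
            findings.append((no, "group %r not defined" % group))
    return findings

# Constructed sample, laid out like a saved configuration (assumed layout).
SAMPLE = """\
pki certificate attribute-group mygroup
 attribute 1 subject-name dn ctn abc
#
pki certificate access-control-policy mypolicy
 rule 1 permit MyGroup
 rule 17 deny mygroup
 rule 2 permit all
 rule permit othergroup
"""

if __name__ == "__main__":
    for no, msg in lint_acp(SAMPLE):
        print("line %d: %s" % (no, msg))
```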
state
Use state to specify the name of the state or province where an entity resides.
Use undo state to remove the configuration.
Syntax
state state-name
undo state










