3Com MSR 50 Network Router User Manual


2044 CHAPTER 134: PKI CONFIGURATION COMMANDS
By default, there is no restriction on the issuer name, the subject name and the
alternative subject name of a certificate.
Note that the attribute of the alternative certificate subject name does not appear
as a domain name, and therefore the dn keyword is not available for the attribute.
Example # Create a certificate attribute rule, specifying that the DN in the subject name includes the string of abc.
<Sysname> system-view
[Sysname] pki certificate attribute-group mygroup
[Sysname-pki-cert-attribute-group-mygroup] attribute 1 subject-name dn ctn abc
# Create a certificate attribute rule, specifying that the FQDN in the issuer name cannot be the string of abc.
[Sysname-pki-cert-attribute-group-mygroup] attribute 2 issuer-name fqdn nequ abc
# Create a certificate attribute rule, specifying that the IP address in the alternative subject name cannot be 10.0.0.1.
[Sysname-pki-cert-attribute-group-mygroup] attribute 3 alt-subject-name ip nequ 10.0.0.1
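The following Python code is an added example, not part of the 3Com manual: it parses the three attribute rules shown above and reports which rules a certificate would fail, so a rule set can be checked against known certificates before it is relied on. The matching semantics (substring match for ctn, inequality for nequ, case-insensitive comparison, all rules in a group ANDed) and the dict layout used for certificate fields are assumptions, not documented device behaviour.

```python
import re

# Rule shape taken from the manual's examples; only ctn and nequ appear there.
RULE_RE = re.compile(
    r"attribute\s+(\d+)\s+(subject-name|issuer-name|alt-subject-name)\s+"
    r"(dn|fqdn|ip)\s+(ctn|nequ)\s+(\S+)$")

def parse_rules(config_text):
    """Pull attribute rules out of pasted CLI lines (prompts are ignored)."""
    rules = []
    for line in config_text.splitlines():
        m = RULE_RE.search(line.strip())
        if not m:
            continue
        rid, field, kind, op, value = m.groups()
        # Per the manual, dn is not available for the alternative subject name.
        if field == "alt-subject-name" and kind == "dn":
            raise ValueError(f"rule {rid}: dn not valid for alt-subject-name")
        rules.append((int(rid), field, kind, op, value.lower()))
    return rules

def rule_holds(rule, cert):
    """Assumed semantics: ctn = any value contains the string,
    nequ = no value equals it; comparison is case-insensitive."""
    _, field, kind, op, value = rule
    values = [v.lower() for v in cert.get(field, {}).get(kind, [])]
    if op == "ctn":
        return any(value in v for v in values)
    return all(v != value for v in values)

def failed_rules(rules, cert):
    """IDs of rules the certificate does not satisfy (assumes rules are ANDed)."""
    return [r[0] for r in rules if not rule_holds(r, cert)]

# The three rules from the manual's example, with wrapped lines rejoined.
CONFIG = """\
[Sysname-pki-cert-attribute-group-mygroup] attribute 1 subject-name dn ctn abc
[Sysname-pki-cert-attribute-group-mygroup] attribute 2 issuer-name fqdn nequ abc
[Sysname-pki-cert-attribute-group-mygroup] attribute 3 alt-subject-name ip nequ 10.0.0.1
"""
# Constructed certificate fields, already extracted into a dict (hypothetical layout).
CERT_OK = {"subject-name": {"dn": ["CN=abc-gw,O=Example"]},
           "issuer-name": {"fqdn": ["ca.example.test"]},
           "alt-subject-name": {"ip": ["192.0.2.10"]}}
CERT_BAD = {"subject-name": {"dn": ["CN=router7,O=Example"]},
            "issuer-name": {"fqdn": ["abc"]},
            "alt-subject-name": {"ip": ["192.0.2.10", "10.0.0.1"]}}

if __name__ == "__main__":
    for name, cert in (("CERT_OK", CERT_OK), ("CERT_BAD", CERT_BAD)):
        print(name, "fails rules:", failed_rules(parse_rules(CONFIG), cert))
```

Under these assumptions a certificate with no alternative subject name passes a nequ rule and fails a ctn rule, which is worth confirming on the device before depending on either outcome.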
ca identifier
Syntax ca identifier name
undo ca identifier
View PKI domain view
Parameter name: Identifier of the trusted CA, a case-insensitive string of 1 to 63 characters
Description Use the ca identifier command to specify the trusted CA, and bind the device with the CA name.
Use the undo ca identifier command to remove the configuration.
By default, no trusted CA is specified for a PKI domain.
Certificate request, retrieval, revocation, and query all depend on the trusted CA.
Example # Specify the trusted CA as new-ca.
<Sysname> system-view
[Sysname] pki domain 1
[Sysname-pki-domain-1] ca identifier new-ca