3Com MSR 50 Network Router User Manual


Example # Configure an MD5 fingerprint for validating the CA root certificate.
<Sysname> system-view
[Sysname] pki domain 1
[Sysname-pki-domain-1] root-certificate fingerprint md5 12EF53FA355CD23E12EF53FA355CD23E
# Configure a SHA1 fingerprint for validating the CA root certificate.
[Sysname-pki-domain-1] root-certificate fingerprint sha1 D1526110AAD7527FB093ED7FC037B0B3CDDDAD93
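
The value given to root-certificate fingerprint is only useful if it is obtained from the CA out of band and checked against the certificate actually retrieved. The following is an added example, not part of the 3Com manual: it computes both fingerprint types from a PEM certificate and compares them with a trusted value, assuming the fingerprint is the MD5 or SHA-1 digest of the certificate's DER encoding. All function names and the sample bytes are constructed for illustration.

```python
import base64
import hashlib
import hmac
import re

# Hex digits expected by "root-certificate fingerprint { md5 | sha1 }".
HEX_LEN = {"md5": 32, "sha1": 40}

def pem_to_der(pem: str) -> bytes:
    """Return the DER bytes of the first CERTIFICATE block in a PEM string."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----",
                  pem, re.S)
    if not m:
        raise ValueError("no PEM certificate block found")
    return base64.b64decode("".join(m.group(1).split()), validate=True)

def fingerprint(pem: str, algo: str) -> str:
    """Digest of the DER encoding (assumption), uppercase hex, no separators."""
    if algo not in HEX_LEN:
        raise ValueError("algorithm must be md5 or sha1")
    return hashlib.new(algo, pem_to_der(pem)).hexdigest().upper()

def normalize(value: str, algo: str) -> str:
    """Strip colons and whitespace (including line wraps), then check length."""
    hexstr = re.sub(r"[\s:]", "", value).upper()
    if not re.fullmatch(r"[0-9A-F]{%d}" % HEX_LEN[algo], hexstr):
        raise ValueError(f"{algo} fingerprint must be {HEX_LEN[algo]} hex digits")
    return hexstr

def matches(pem: str, algo: str, trusted: str) -> bool:
    """Compare the computed fingerprint with one obtained out of band."""
    return hmac.compare_digest(fingerprint(pem, algo), normalize(trusted, algo))

# Constructed stand-in bytes, NOT a real certificate: only the digest matters.
SAMPLE_DER = bytes(range(256)) * 3
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER).decode()
              + "-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    # Print the two command lines that would pin this (constructed) certificate.
    for algo in HEX_LEN:
        print("root-certificate fingerprint", algo, fingerprint(SAMPLE_PEM, algo))
```

The length check in normalize rejects a value that was cut short, for example when only the first half of a line-wrapped fingerprint is copied.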
rule (access control policy view)
Syntax rule [ id ] { deny | permit } group-name
undo rule { id | all }
View Access control policy view
Parameter id: Number of the certificate attribute-based access control rule, in the range 1 to
16. The default is the smallest unused number in this range.
deny: Indicates that a certificate matching an attribute rule in the specified
attribute group is considered invalid and denied.
permit: Indicates that a certificate matching an attribute rule in the specified
attribute group is considered valid and permitted.
group-name: Name of the certificate attribute group to be associated with the
rule, a case-insensitive string of 1 to 16 characters. It cannot be “a”, “al” or “all”.
all: Specifies all access control rules.
Description Use the rule command to create a certificate attribute access control rule.
Use the undo rule command to delete a specified or all access control rules.
By default, no access control rule exists.
Note that a certificate attribute group must exist to be associated with a rule.
Example # Create an access control rule, specifying that a certificate is considered valid if it
matches an attribute rule in the certificate attribute group mygroup.
<Sysname> system-view
[Sysname] pki certificate access-control-policy mypolicy
[Sysname-pki-cert-acp-mypolicy] rule 1 permit mygroup
state
Syntax state state-name