3Com MSR 20-20 Reference Manual
2044 CHAPTER 134: PKI CONFIGURATION COMMANDS
By default, there is no restriction on the issuer name, the subject name and the
alternative subject name of a certificate.
Note that the attribute of the alternative certificate subject name does not appear
as a domain name, and therefore the dn keyword is not available for the attribute.
Example
# Create a certificate attribute rule, specifying that the DN in the subject name
includes the string abc.
<Sysname> system-view
[Sysname] pki certificate attribute-group mygroup
[Sysname-pki-cert-attribute-group-mygroup] attribute 1 subject-name dn ctn abc
# Create a certificate attribute rule, specifying that the FQDN in the issuer name
cannot be the string abc.
[Sysname-pki-cert-attribute-group-mygroup] attribute 2 issuer-name fqdn nequ abc
# Create a certificate attribute rule, specifying that the IP address in the alternative
subject name cannot be 10.0.0.1.
[Sysname-pki-cert-attribute-group-mygroup] attribute 3 alt-subject-name ip nequ 10.0.0.1
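The three rules above can be checked offline against certificate fields before they are deployed. The following is an added example, not part of the manual or the device software: the function names, the dictionary layout of the certificate fields, the case-insensitive comparison, and the "every rule must match" group logic are assumptions made for illustration, and only the ctn and nequ operators shown on this page are modelled.

```python
# Added example: offline model of the attribute rules shown above.
# The matching semantics are assumptions, not the device's implementation.
import re

RULE_RE = re.compile(
    r"attribute\s+(\d+)\s+(subject-name|issuer-name|alt-subject-name)\s+"
    r"(dn|fqdn|ip)\s+(ctn|nequ)\s+(\S+)$")

def parse_rule(line):
    """Parse one 'attribute' command line (CLI prompt allowed) into a dict."""
    m = RULE_RE.search(line.strip())
    if not m:
        raise ValueError("not an attribute rule: %r" % line)
    rule_id, field, kind, op, value = m.groups()
    # The manual states that dn is not available for the alternative subject name.
    if field == "alt-subject-name" and kind == "dn":
        raise ValueError("dn is not available for alt-subject-name")
    return {"id": int(rule_id), "field": field, "kind": kind,
            "op": op, "value": value}

def rule_matches(rule, cert):
    """Evaluate one rule against cert[field][kind], a list of strings."""
    values = [v.lower() for v in cert.get(rule["field"], {}).get(rule["kind"], [])]
    want = rule["value"].lower()  # assumption: case-insensitive comparison
    if rule["op"] == "ctn":       # at least one value contains the string
        return any(want in v for v in values)
    # nequ: no value equals the string (assumption: an absent field satisfies it)
    return all(v != want for v in values)

def group_matches(rules, cert):
    """Assumption: a certificate matches the group only if every rule matches."""
    return all(rule_matches(r, cert) for r in rules)

# The three rules from the example above, as complete command lines.
MYGROUP = [parse_rule(line) for line in (
    "attribute 1 subject-name dn ctn abc",
    "attribute 2 issuer-name fqdn nequ abc",
    "attribute 3 alt-subject-name ip nequ 10.0.0.1",
)]

# Constructed certificate fields (not taken from a real certificate).
CERT_OK = {"subject-name": {"dn": ["CN=router1,O=abc-corp"]},
           "issuer-name": {"fqdn": ["ca.example.com"]},
           "alt-subject-name": {"ip": ["10.0.0.2"]}}
CERT_BAD_IP = {**CERT_OK, "alt-subject-name": {"ip": ["10.0.0.1"]}}

if __name__ == "__main__":
    print(group_matches(MYGROUP, CERT_OK), group_matches(MYGROUP, CERT_BAD_IP))
```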
ca identifier
Syntax
ca identifier name
undo ca identifier
View
PKI domain view
Parameter
name: Identifier of the trusted CA, a case-insensitive string of 1 to 63 characters.
Description
Use the ca identifier command to specify the trusted CA, and bind the device
with the CA name.
Use the undo ca identifier command to remove the configuration.
By default, no trusted CA is specified for a PKI domain.
Certificate request, retrieval, revocation, and query all depend on the trusted CA.
Example
# Specify the trusted CA as new-ca.
<Sysname> system-view
[Sysname] pki domain 1
[Sysname-pki-domain-1] ca identifier new-ca