
Deleting a certificate, Configuring an access control policy, Displaying and maintaining pki – H3C Technologies H3C WX3000E Series Wireless Switches User Manual


Deleting a certificate

When a certificate requested manually is about to expire or you want to request a new certificate, you can delete the current local certificate or CA certificate.

To delete a certificate:

Step 1. Enter system view.
    Command: system-view

Step 2. Delete certificates.
    Command: pki delete-certificate { ca | local } domain domain-name

Configuring an access control policy

By configuring a certificate attribute-based access control policy, you can further control access to the server, providing additional security for the server.

To configure a certificate attribute-based access control policy:

Step 1. Enter system view.
    Command: system-view
    Remarks: N/A

Step 2. Create a certificate attribute group and enter its view.
    Command: pki certificate attribute-group group-name
    Remarks: No certificate attribute group exists by default.

Step 3. Configure an attribute rule for the certificate issuer name, certificate subject name, or alternative subject name.
    Command: attribute id { alt-subject-name { fqdn | ip } | { issuer-name | subject-name } { dn | fqdn | ip } } { ctn | equ | nctn | nequ } attribute-value
    Remarks: Optional. No restriction exists on the issuer name, certificate subject name and alternative subject name by default.

Step 4. Return to system view.
    Command: quit
    Remarks: N/A

Step 5. Create a certificate attribute-based access control policy and enter its view.
    Command: pki certificate access-control-policy policy-name
    Remarks: No access control policy exists by default.

Step 6. Configure a certificate attribute-based access control rule.
    Command: rule [ id ] { deny | permit } group-name
    Remarks: No access control rule exists by default. A certificate attribute group must exist to be associated with a rule.
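
A worked instance of the six steps above, added here as an example and not taken from the H3C manual. The group names, policy name, rule and attribute IDs, and attribute values are constructed, and the lines starting with # are annotations rather than commands. The operators ctn, equ, nctn and nequ stand for contains, equals, does not contain and does not equal.

```text
# Constructed example: all names, IDs and values are placeholders.
system-view
# Group 1: one rule on the subject DN, one rule on the issuer DN.
pki certificate attribute-group trusted-aps
attribute 1 subject-name dn ctn wlan-ap
attribute 2 issuer-name dn ctn example-ca
quit
# Group 2: one rule on the IP address in the alternative subject name.
pki certificate attribute-group blocked-host
attribute 1 alt-subject-name ip equ 192.0.2.10
quit
# Policy: rule 1 denies group blocked-host, rule 2 permits group trusted-aps.
pki certificate access-control-policy ap-policy
rule 1 deny blocked-host
rule 2 permit trusted-aps
```

Both attribute groups are created before the policy because a rule can only reference a group that already exists.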

Displaying and maintaining PKI

Task: Display the contents or request status of a certificate.
    Command: display pki certificate { { ca | local } domain domain-name | request-status } [ | { begin | exclude | include } regular-expression ]
    Remarks: Available in any view