Configuring an access control policy, Displaying pki – H3C Technologies H3C SecPath F1000-E User Manual
Configuring an access control policy
By configuring a certificate attribute-based access control policy, you can further control access to the
server, providing additional security for the server.
To configure a certificate attribute-based access control policy:
1. Enter system view.
   Command: system-view
   Remarks: N/A

2. Create a certificate attribute group and enter its view.
   Command: pki certificate attribute-group group-name
   Remarks: No certificate attribute group exists by default.

3. Configure an attribute rule for the certificate issuer name, certificate subject name, or alternative subject name.
   Command: attribute id { alt-subject-name { fqdn | ip } | { issuer-name | subject-name } { dn | fqdn | ip } } { ctn | equ | nctn | nequ } attribute-value
   Remarks: Optional. No restriction exists on the issuer name, certificate subject name and alternative subject name by default.

4. Return to system view.
   Command: quit
   Remarks: N/A

5. Create a certificate attribute-based access control policy and enter its view.
   Command: pki certificate access-control-policy policy-name
   Remarks: No access control policy exists by default.

6. Configure a certificate attribute-based access control rule.
   Command: rule [ id ] { deny | permit } group-name
   Remarks: No access control rule exists by default. A certificate attribute group must exist to be associated with a rule.
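The six steps above as one command sequence, followed by the display commands that confirm the result. This is an added example, not taken from the manual: the group names (blocked-certs, corp-certs), the policy name (server-acp), the attribute values and the "#" annotation lines are all constructed for illustration.

```text
# Annotation lines start with "#"; every name and value below is constructed.
system-view

# Group with one rule: subject name DN contains (ctn) "untrusted-lab".
pki certificate attribute-group blocked-certs
 attribute 1 subject-name dn ctn untrusted-lab
 quit

# Group with two rules:
#   rule 1: issuer name DN contains (ctn) "example-corp-ca"
#   rule 2: alternative subject name FQDN does not contain (nctn) "test"
pki certificate attribute-group corp-certs
 attribute 1 issuer-name dn ctn example-corp-ca
 attribute 2 alt-subject-name fqdn nctn test
 quit

# Policy that ties a deny or permit action to each existing group.
pki certificate access-control-policy server-acp
 rule 1 deny blocked-certs
 rule 2 permit corp-certs
 quit

# Verify what was configured (available in any view).
display pki certificate attribute-group all
display pki certificate access-control-policy server-acp
```

Both groups are created before the policy because a rule can only reference a certificate attribute group that already exists.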
Displaying PKI
Task: Display the contents or request status of a certificate.
   Command: display pki certificate { { ca | local } domain domain-name | request-status } [ | { begin | exclude | include } regular-expression ]
   Remarks: Available in any view

Task: Display CRLs.
   Command: display pki crl domain domain-name [ | { begin | exclude | include } regular-expression ]
   Remarks: Available in any view

Task: Display information about one or all certificate attribute groups.
   Command: display pki certificate attribute-group { group-name | all } [ | { begin | exclude | include } regular-expression ]
   Remarks: Available in any view

Task: Display information about one or all certificate attribute-based access control policies.
   Command: display pki certificate access-control-policy { policy-name | all } [ | { begin | exclude | include } regular-expression ]
   Remarks: Available in any view