410
Usage guidelines
A certificate attribute group is a set of attribute rules configured by using the
attribute
command.
Each attribute rule defines a matching criterion for an attribute in the issuer name, subject name, or
alternative subject name field of certificates.
A certificate attribute group must be associated with an access control rule (a permit or deny
statement configured by using the
rule
command). If a certificate attribute group does not have any
attribute rules, the system determines that the all certificates match the associated access control
rule.
Examples
# Create a certificate attribute group named
mygroup
and enter its view.
<Sysname> system-view
[Sysname] pki certificate attribute-group mygroup
[Sysname-pki-cert-attribute-group-mygroup]
Related commands
attribute
display pki certificate attribute-group
rule
pki delete-certificate
Use
pki delete-certificate
to remove certificates from a PKI domain.
Syntax
pki delete-certificate
domain domain
-
name
{
ca
|
local
|
peer
[
serial
serial-num
] }
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
domain-name
: Specifies a PKI domain by its name, a case-insensitive string of 1 to 31 characters.
The domain name cannot contain the special characters listed in
Table 51 Special characters
Character name
Symbol
Character name
Symbol
Tilde
~
Dot
.
Asterisk
*
Left angle bracket
<
Backslash
\
Right angle bracket
>
Vertical bar
|
Quotation marks
"
Colon
:
Apostrophe
'
ca
: Specifies the CA certificate.
local
: Specifies the local certificates.
peer
: Specifies the peer certificates.