437
Examples
# Create rule 1 to permit all certificates that match certificate attribute group
mygroup
.
<Sysname> system-view
[Sysname] pki certificate access-control-policy mypolicy
[Sysname-pki-cert-acp-mypolicy] rule 1 permit mygroup
Related commands
attribute
display pki certificate access-control-policy
pki certificate attribute-group
source
Use
source
to specify the source IP address for PKI protocol packets.
Use
undo source
to restore the default.
Syntax
source
{
ip
|
ipv6
}
{
ip-address
|
interface interface-type interface-number
}
undo source
Default
The source IP address of PKI protocol packets is the IP address of their outgoing interface.
Views
PKI domain view
Predefined user roles
network-admin
mdc-admin
Parameters
ip ip-address
: Specifies a source IPv4 address.
ipv6 ip-address
: Specifies a source IPv6 address.
interface interface-type interface-number
: Specifies an interface by its type and number. The
interface's primary IP address or the lowest IPv6 address will be used as the source IP address for
PKI protocol packets.
Usage guidelines
Use this command to specify the source IP address for PKI protocol packets. You can also specify a
source interface if the IP address is dynamically obtained.
Make sure there is a route between the source IP address and the CA server.
You can specify only one source IP address in a PKI domain. If you execute this command multiple
times, the most recent configuration takes effect.
Examples
# Specify
111.1.1.8
as the source IP address for PKI protocol packets.
<Sysname> system-view
[Sysname] pki domain aaa
[Sysname-pki-domain-aaa] source ip 111.1.1.8
# Specify
1::8
as the source IPv6 address for PKI protocol packets.