PKI configuration commands
The router supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features, commands, and parameters might differ in FIPS mode and non-FIPS mode. For more information about FIPS mode, see Security Configuration Guide.
attribute
Use attribute to configure the attribute rules of the certificate issuer name, certificate subject name, and alternative certificate subject name.
Use undo attribute to delete the attribute rules of one or all certificates.
Syntax
attribute id { alt-subject-name { fqdn | ip } | { issuer-name | subject-name } { dn | fqdn | ip } } { ctn | equ | nctn | nequ } attribute-value
undo attribute { id | all }
Default
No restriction exists on the issuer name, subject name, and alternative subject name of a certificate.
Views
Certificate attribute group view
Default command level
2: System level
Parameters
id: Specifies the sequence number of the certificate attribute rule, in the range of 1 to 16.
alt-subject-name: Specifies the name of the alternative certificate subject.
fqdn: Specifies the FQDN of the entity.
ip: Specifies the IP address of the entity.
issuer-name: Specifies the name of the certificate issuer.
subject-name: Specifies the name of the certificate subject.
dn: Specifies the distinguished name of the entity.
ctn: Specifies the contain operation.
equ: Specifies the equal operation.
nctn: Specifies the not-contain operation.
nequ: Specifies the not-equal operation.
attribute-value: Specifies the certificate attribute value, a case-insensitive string of 1 to 128 characters.
all: Specifies all certificate attributes.
Usage guidelines
The attribute of the alternative certificate subject name does not appear as a distinguished name, and therefore the dn keyword is not available for the attribute.
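A small linter for these rule lines, as an added example that is not part of the original command reference: it checks a line against the syntax and parameter ranges above and evaluates one rule against a single certificate name value. Assumptions: the names parse_rule, rule_matches and Rule are hypothetical, attribute-value is taken as the rest of the line, the sample values are constructed, and plain string comparison stands in for however the router compares names.

```python
from typing import NamedTuple

FIELDS = {  # name field -> attribute types the syntax allows
    "alt-subject-name": {"fqdn", "ip"},  # dn is not available here
    "issuer-name": {"dn", "fqdn", "ip"},
    "subject-name": {"dn", "fqdn", "ip"},
}
OPS = {  # operation keyword -> test on (certificate value, rule value)
    "ctn": lambda have, want: want in have,
    "equ": lambda have, want: have == want,
    "nctn": lambda have, want: want not in have,
    "nequ": lambda have, want: have != want,
}

class Rule(NamedTuple):
    rule_id: int
    field: str
    attr_type: str
    op: str
    value: str

def parse_rule(line: str) -> Rule:
    """Parse one 'attribute ...' line; raise ValueError if it breaks the syntax."""
    parts = line.strip().split(None, 5)  # assumption: value is the rest of the line
    if len(parts) != 6 or parts[0] != "attribute":
        raise ValueError(f"not a complete attribute rule: {line!r}")
    _, rule_id, field, attr_type, op, value = parts
    if not rule_id.isdecimal() or not 1 <= int(rule_id) <= 16:
        raise ValueError("id must be in the range of 1 to 16")
    if field not in FIELDS:
        raise ValueError(f"unknown name field {field!r}")
    if attr_type not in FIELDS[field]:
        raise ValueError(f"{attr_type!r} is not available for {field}")
    if op not in OPS:
        raise ValueError(f"unknown operation {op!r}")
    if not 1 <= len(value) <= 128:
        raise ValueError("attribute-value must be 1 to 128 characters")
    return Rule(int(rule_id), field, attr_type, op, value)

def rule_matches(rule: Rule, cert_value: str) -> bool:
    """Apply the rule's operation; attribute-value is case-insensitive."""
    return OPS[rule.op](cert_value.lower(), rule.value.lower())

if __name__ == "__main__":
    rule = parse_rule("attribute 1 issuer-name dn ctn abc")  # constructed rule
    print(rule_matches(rule, "CN=ABC-CA,O=Example"))  # constructed issuer DN
```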