The rule command configures the control rule for certificate attributes.
The undo rule command deletes the control rule for certificate attributes.
By default, no control rule is configured for certificate attributes.
Parameter | Description | Value |
---|---|---|
id | Indicates the number of the access control policy of certificate attributes. | It is an integer ranging from 1 to 256. |
deny | Indicates that when the certificate matches the configured attributes in the attribute group, the certificate is invalid and cannot pass the check of the access control policy. | - |
permit | Indicates that when the certificate matches the configured attributes in the attribute group, the certificate is valid and passes the check of the access control policy. | - |
group-name | Indicates the name of the existing certificate attribute group. | It is a string of 1 to 31 case sensitive characters. |
all | Indicates all access control rules for certificate attributes. | - |
Usage Scenario
To verify the contents of a certificate, configure an attribute rule for the certificate and reference it in the certificate attribute control rule, so that a certificate meeting the specified conditions passes verification.
If multiple control rules are configured in a certificate attribute access control policy, the relationship among the rules is "or". That is, the action defined in an access control rule is applied as soon as the certificate being authenticated matches that rule, and the remaining rules are not matched.

<HUAWEI> system-view
[~HUAWEI] pki certificate attribute-group group1
[*HUAWEI-pki-attribute-group1] quit
[*HUAWEI] pki certificate access-control-policy policy1
[*HUAWEI-pki-access-policy1] rule 1 permit group1
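Because the first matching rule decides and later rules are not consulted, a broad permit placed ahead of a deny can leave the deny without effect. The following Python model is an added example, not Huawei code; it assumes rules are tried in ascending id order and that a group matches when all of its conditions are found in the certificate, and every name except group1 is hypothetical.

```python
# Added illustration: offline model of first-match control rules, not device code.
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    rule_id: int     # 1 to 256, as in the parameter table
    action: str      # "permit" or "deny"
    group_name: str  # existing attribute group, 1 to 31 characters

    def __post_init__(self):
        if not 1 <= self.rule_id <= 256:
            raise ValueError("rule id must be in 1..256")
        if self.action not in ("permit", "deny"):
            raise ValueError("action must be permit or deny")
        if not 1 <= len(self.group_name) <= 31:
            raise ValueError("group name must be 1..31 characters")

def group_matches(conditions, cert):
    # Assumption: every condition of the group must hold (substring match).
    return all(v in cert.get(field, "") for field, v in conditions.items())

def evaluate(rules, groups, cert):
    """Return (rule_id, action) of the first matching rule, or None."""
    for rule in sorted(rules, key=lambda r: r.rule_id):  # assumed order
        if rule.group_name not in groups:
            raise KeyError(f"attribute group {rule.group_name!r} does not exist")
        if group_matches(groups[rule.group_name], cert):
            return rule.rule_id, rule.action  # later rules are not consulted
    return None  # no rule matched; the page does not state the outcome

def shadowed_rules(rules, groups, sample_certs):
    """Ids of rules that never decide any of the sample certificates."""
    hits = {hit[0] for c in sample_certs if (hit := evaluate(rules, groups, c))}
    return sorted(r.rule_id for r in rules if r.rule_id not in hits)

# Constructed sample data (hypothetical names and certificate fields).
GROUPS = {"group1": {"issuer": "CN=Example Root CA"},
          "contractors": {"subject": "OU=Contractors"}}
CONTRACTOR = {"subject": "CN=vpn-gw7,OU=Contractors,O=Example",
              "issuer": "CN=Example Root CA,O=Example"}
EMPLOYEE = {"subject": "CN=laptop-0042,OU=Staff,O=Example",
            "issuer": "CN=Example Root CA,O=Example"}
PERMIT_FIRST = [Rule(1, "permit", "group1"), Rule(2, "deny", "contractors")]
DENY_FIRST = [Rule(1, "deny", "contractors"), Rule(2, "permit", "group1")]

if __name__ == "__main__":
    for name, policy in (("permit first", PERMIT_FIRST), ("deny first", DENY_FIRST)):
        print(name, evaluate(policy, GROUPS, CONTRACTOR),
              "shadowed:", shadowed_rules(policy, GROUPS, [CONTRACTOR, EMPLOYEE]))
```

With the permit rule first, the contractor certificate is accepted by rule 1 and the deny in rule 2 never takes effect; swapping the ids makes the deny decisive.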