The attribute command configures the attribute rules for the issuer name, subject name, and alternative subject name of the certificate.
The undo attribute command cancels the attribute rules of the certificate.
By default, the certificate issuer name, subject name, and alternative subject name are not restricted.
| Parameter | Description | Value |
|---|---|---|
| id |
Indicates the ID of the certificate attribute rule. |
It is an integer and ranges from 1 to 256. |
| alt-subject-name |
Indicates the alternative subject name of the certificate. |
- |
| fqdn |
Indicates the FQDN of the entity. |
- |
| issuer-name |
Indicates the name of the certificate issuer. |
- |
| subject-name |
Indicates the subject name of the certificate. |
- |
| dn |
Indicates the DN of the entity. |
- |
| ctn |
Indicates the containing operation. |
- |
| equ |
Indicates the equivalent operation. |
- |
| nctn |
Indicates the non-containing operation. |
- |
| nequ |
Indicates the non-equivalent operation. |
- |
| attribute-value |
Indicates the attribute value of the certificate. |
It is a string of 1 to 255 characters and case sensitive. |
| all |
Indicates all attribute rules. |
- |
Usage Scenario
To verify the contents of the certificate, you can configure an attribute rule of the certificate, and reference this rule in the certificate attribute control rule, ensuring that the certificate meeting specific conditions passes the verification.
Prerequisites
The certificate attribute group carries the attribute rules of the certificate. To use such an attribute rule, create a certificate attribute group first.