attribute alt-subject-name ip

Function

The attribute command configures the attribute rules for the issuer name, subject name, and alternative subject name of the certificate.

The undo attribute command cancels the attribute rules of the certificate.

By default, the certificate issuer name, subject name, and alternative subject name are not restricted.

Format

attribute id alt-subject-name ip { ctn | equ | nctn | nequ } ip-address

Parameters

Parameter Description Value
id

Indicates the ID of the certificate attribute rule.

It is an integer and ranges from 1 to 256.
alt-subject-name

Indicates the alternative subject name of the certificate.

-
ip

Indicates the IP address of the entity.

-
ctn

Indicates the containing operation.

-
equ

Indicates the equivalent operation.

-
nctn

Indicates the non-containing operation.

-
nequ

Indicates the non-equivalent operation.

-
ip-address

Indicates the IP address.

The value is in dotted decimal notation.

Views

PKI attribute configuration view

Default Level

2: Configuration level

Task Name and Operations

Task Name Operations
pki write

Usage Guidelines

Usage Scenario

To verify the contents of the certificate, you can configure an attribute rule of the certificate, and reference this rule in the certificate attribute control rule, ensuring that the certificate meeting specific conditions passes the verification.

Prerequisites

The certificate attribute group carries the attribute rules of the certificate. To use such an attribute rule, create a certificate attribute group first.

Example

# Create a certificate attribute rule, which defines that the IP address of the entity contains 1.1.1.1.
<HUAWEI> system-view
[~HUAWEI] pki certificate attribute-group mygroup
[*HUAWEI-pki-attribute-mygroup] attribute 1 alt-subject-name ip ctn 1.1.1.1
Parent Topic: PKI Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >