Certificate attribute-based access control lets you configure certificate filtering policies that are applied before certificate authentication. Only certificates that meet the specified conditions can be authenticated, which gives fine-grained control over user access permissions.
Matching conditions can be specified based on specific fields of a certificate. When the device receives a certificate, it first checks those fields. If the fields meet the conditions, the device accepts the certificate, verifies its validity based on the CA signature, and checks the validity period and revocation status (the revocation status check is optional and depends on whether CRL authentication is enabled). If the fields do not meet the conditions, the certificate is denied.
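The order of checks described above, sketched as an added example that is not part of the original documentation or any device's code. The rule fields and operators, the parsed-field dictionary, and the `signature_ok` callable with its `sig_valid` flag are assumptions made for illustration; real CA signature verification is outside the example.

```python
from datetime import datetime, timezone

# Hypothetical policy: every rule must match. The field names and operators
# are assumptions for this example, not a device's rule syntax.
POLICY = [
    ("issuer.CN", "equals", "Example Issuing CA"),
    ("subject.O", "equals", "Example Corp"),
    ("subject.OU", "contains", "vpn"),
]
OPS = {
    "equals": lambda have, want: have.lower() == want.lower(),
    "contains": lambda have, want: want.lower() in have.lower(),
}

def matches_policy(cert, policy):
    """True only if every rule matches; a field the certificate lacks never matches."""
    for field, op, want in policy:
        have = cert["fields"].get(field)
        if have is None or not OPS[op](have, want):
            return False
    return True

def authenticate(cert, policy, now, signature_ok, crl_enabled=False, revoked=()):
    """Return (accepted, reason), applying the checks in the order described above."""
    if not matches_policy(cert, policy):
        return False, "attribute filter"      # denied before any validation
    if not signature_ok(cert):                # stand-in for CA signature verification
        return False, "CA signature"
    if not cert["not_before"] <= now <= cert["not_after"]:
        return False, "validity period"
    if crl_enabled and cert["serial"] in revoked:
        return False, "revoked"               # only checked when CRL authentication is on
    return True, "accepted"

def sample_cert(**overrides):
    """Constructed sample: already-parsed certificate fields, not a real certificate."""
    cert = {
        "serial": 0x1001,
        "fields": {"issuer.CN": "Example Issuing CA", "subject.O": "Example Corp",
                   "subject.OU": "VPN Users", "subject.CN": "alice"},
        "not_before": datetime(2024, 1, 1, tzinfo=timezone.utc),
        "not_after": datetime(2025, 1, 1, tzinfo=timezone.utc),
        "sig_valid": True,  # result of signature verification performed elsewhere
    }
    cert.update(overrides)
    return cert

NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
SIG = lambda cert: cert["sig_valid"]
```

The filter reads fields that have not yet been authenticated, so passing it only lets the certificate proceed to signature, validity-period and revocation checks; it is not a trust decision on its own.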