pki certificate attribute-group
Use pki certificate attribute-group to create a certificate attribute group and enter its view, or enter the view of an existing certificate attribute group.
Use undo pki certificate attribute-group to remove a certificate attribute group.
Syntax
pki certificate attribute-group group-name
undo pki certificate attribute-group group-name
Default
No certificate attribute groups exist.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
group-name: Specifies a group name, a case-insensitive string of 1 to 31 characters.
Usage guidelines
A certificate attribute group is a set of attribute rules configured by using the attribute command. Each attribute rule defines a matching criterion for an attribute in the issuer name, subject name, or alternative subject name field of certificates.
A certificate attribute group must be associated with an access control rule (a permit or deny statement configured by using the rule command). If a certificate attribute group does not have any attribute rules, the system determines that the all certificates match the associated access control rule.
Examples
# Create a certificate attribute group named mygroup and enter its view.
<Sysname> system-view [Sysname] pki certificate attribute-group mygroup [Sysname-pki-cert-attribute-group-mygroup]
Related commands
attribute
display pki certificate attribute-group
rule