pki certificate attribute-group

Use pki certificate attribute-group to create a certificate attribute group and enter its view, or enter the view of an existing certificate attribute group.

Use undo pki certificate attribute-group to remove a certificate attribute group.

Syntax

pki certificate attribute-group group-name

undo pki certificate attribute-group group-name

Default

No certificate attribute groups exist.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

group-name: Specifies a group name, a case-insensitive string of 1 to 31 characters.

Usage guidelines

A certificate attribute group is a set of attribute rules configured by using the attribute command. Each attribute rule defines a matching criterion for an attribute in the issuer name, subject name, or alternative subject name field of certificates.

A certificate attribute group must be associated with an access control rule (a permit or deny statement configured by using the rule command). If a certificate attribute group does not have any attribute rules, the system determines that the all certificates match the associated access control rule.

Examples

# Create a certificate attribute group named mygroup and enter its view.

<Sysname> system-view
[Sysname] pki certificate attribute-group mygroup
[Sysname-pki-cert-attribute-group-mygroup]

Related commands

attribute

display pki certificate attribute-group

rule