pki certificate attribute-group

Use pki certificate attribute-group to create a certificate attribute group and enter its view, or enter the view of an existing certificate attribute group.

Use undo pki certificate attribute-group to remove a certificate attribute group.


pki certificate attribute-group group-name

undo pki certificate attribute-group group-name


No certificate attribute groups exist.


System view

Predefined user roles




group-name: Specifies a group name, a case-insensitive string of 1 to 31 characters.

Usage guidelines

A certificate attribute group is a set of attribute rules configured by using the attribute command. Each attribute rule defines a matching criterion for an attribute in the issuer name, subject name, or alternative subject name field of certificates.

A certificate attribute group must be associated with an access control rule (a permit or deny statement configured by using the rule command). If a certificate attribute group does not have any attribute rules, the system determines that the all certificates match the associated access control rule.


# Create a certificate attribute group named mygroup and enter its view.

<Sysname> system-view
[Sysname] pki certificate attribute-group mygroup

Related commands


display pki certificate attribute-group