The pki certificate attribute-group command creates a certificate attribute group and displays the certificate attribute group view, or displays the view of an existing certificate attribute group.
The undo pki certificate attribute-group command deletes a certificate attribute group.
By default, no certificate attribute group is created.
| Parameter | Description | Value |
|---|---|---|
| group-name | Specifies the name of a certificate attribute group. | The value is a string of 1 to 32 case-insensitive characters without spaces and question marks. If the character string is enclosed in double quotation marks, it can contain spaces and question marks. |
A certificate attribute group contains the attribute rules of a certificate. To configure attribute rules, create a certificate attribute group first.
If multiple attribute rules are configured in a certificate attribute group, the relationship among the rules is AND. That is, the action defined in related certificate access control rule is taken only when the certificate to be verified matches all the rules.