1-12To do… Use the command… RemarksEnter system view system-view —Delete certificates pki delete-certificate { ca | local } domaindomain-name RequiredConfiguring an Access Control PolicyBy configuring a certificate attribute-based access control policy, you can further control access to theserver, providing additional security for the server.Follow these steps to configure a certificate attribute-based access control policy:To do… Use the command… RemarksEnter system view system-view —Create a certificate attributegroup and enter its viewpki certificate attribute-groupgroup-nameRequiredNo certificate attribute groupexists by default.Configure an attribute rule forthe certificate issuer name,certificate subject name, oralternative subject nameattribute id { alt-subject-name{ fqdn | ip } | { issuer-name |subject-name } { dn | fqdn |ip } } { ctn | equ | nctn | nequ }attribute-valueOptionalThere is no restriction on theissuer name, certificate subjectname and alternative subjectname by default.Return to system view quit —Create a certificateattribute-based access controlpolicy and enter its viewpki certificateaccess-control-policypolicy-nameRequiredNo access control policy existsby default.Configure a certificateattribute-based access controlrulerule [ id ] { deny | permit }group-nameRequiredNo access control rule exists bydefault.A certificate attribute group must exist to be associated with a rule.Displaying and Maintaining PKITo do… Use the command… RemarksDisplay the contents or requeststatus of a certificatedisplay pki certificate { { ca |local } domain domain-name |request-status }Available in any viewDisplay CRLs display pki crl domaindomain-name Available in any viewDisplay information about oneor all certificate attribute groupsdisplay pki certificateattribute-group { group-name |all }Available in any view