Configuring Certificatemap Filters

For more information, see the Cisco Nexus 9000 Series NX-OS Security Configuration Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-installation-and-configuration-guides-list.html/

Configuring an Email Id as an Alternate Name

Note: This example was added in Release 9.3(5).

CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

crypto certificatemap mapname CertMap1
  filter altname-email SampleString_123

Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO	DN
pkiEp	sys/userext/pkiext
pkiCertificateMap	sys/userext/pkiext/certificatemap-CertMap1

pkiCertificateMap Properties

The following table contains information about the pkiCertificateMap properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
altnameEmail	pki:FilterName (string:CharBuffer)	Email Id as an Alternate Name	MAX SIZE: 64
name	pki:FilterName (string:CharBuffer)	CertificateMap Filter Name	MAX SIZE: 64

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting an Email Id as an Alternate Name

Note: This example was added in Release 9.3(5).

CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

crypto certificatemap mapname CertMap1
  no filter altname-email SampleString_123

Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO	DN
pkiEp	sys/userext/pkiext
pkiCertificateMap	sys/userext/pkiext/certificatemap-CertMap1

pkiCertificateMap Properties

The following table contains information about the pkiCertificateMap properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
altnameEmail	pki:FilterName (string:CharBuffer)	Email Id as an Alternate Name	MAX SIZE: 64
name	pki:FilterName (string:CharBuffer)	CertificateMap Filter Name	MAX SIZE: 64

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring Principal Name as an Alternate Name

Note: This example was added in Release 9.3(5).

CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

crypto certificatemap mapname CertMap1
  filter altname-upn SampleString_123

Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO	DN
pkiEp	sys/userext/pkiext
pkiCertificateMap	sys/userext/pkiext/certificatemap-CertMap1

pkiCertificateMap Properties

The following table contains information about the pkiCertificateMap properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
altnameUpn	pki:FilterName (string:CharBuffer)	User Principal Name as an Alternate Name	MAX SIZE: 64
name	pki:FilterName (string:CharBuffer)	CertificateMap Filter Name	MAX SIZE: 64

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting Principal Name as an Alternate Name

Note: This example was added in Release 9.3(5).

CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

crypto certificatemap mapname CertMap1
  no filter altname-upn SampleString_123

Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO	DN
pkiEp	sys/userext/pkiext
pkiCertificateMap	sys/userext/pkiext/certificatemap-CertMap1

pkiCertificateMap Properties

The following table contains information about the pkiCertificateMap properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
altnameUpn	pki:FilterName (string:CharBuffer)	User Principal Name as an Alternate Name	MAX SIZE: 64
name	pki:FilterName (string:CharBuffer)	CertificateMap Filter Name	MAX SIZE: 64

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Configuring Subject Name of the Certificate

Note: This example was added in Release 9.3(5).

CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

crypto certificatemap mapname CertMap1
  filter subject-name SampleString_123

Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO	DN
pkiEp	sys/userext/pkiext
pkiCertificateMap	sys/userext/pkiext/certificatemap-CertMap1

pkiCertificateMap Properties

The following table contains information about the pkiCertificateMap properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
name	pki:FilterName (string:CharBuffer)	CertificateMap Filter Name	MAX SIZE: 64
subjectName	pki:FilterName (string:CharBuffer)	Subject Name of the Certificate	MAX SIZE: 64

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html

Deleting Subject Name of the Certificate

Note: This example was added in Release 9.3(5).

CLI Commands

The CLI commands are equivalent to the payload examples displayed in the pane on the right. Click the DME tab in the top-left corner of the right pane to view the JSON payload. Click the YANG tab to view the XML payload.

crypto certificatemap mapname CertMap1
  no filter subject-name SampleString_123

Verifying a DME Configuration

The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.

MO	DN
pkiEp	sys/userext/pkiext
pkiCertificateMap	sys/userext/pkiext/certificatemap-CertMap1

pkiCertificateMap Properties

The following table contains information about the pkiCertificateMap properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.

Property Name	Data Type	Description	Values
name	pki:FilterName (string:CharBuffer)	CertificateMap Filter Name	MAX SIZE: 64
subjectName	pki:FilterName (string:CharBuffer)	Subject Name of the Certificate	MAX SIZE: 64

Related Documentation

For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:

https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/

For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:

https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html