The pki import whitelist command imports certificate whitelist files to the device memory.
The virtual system does not support this command.
| Parameter | Description | Value |
|---|---|---|
| filename file-name | Specifies the name of a certificate whitelist file. | The value is a string of 1 to 64 case-insensitive characters without spaces or question marks. |
Usage Scenario
In an LTE scenario, the device establishes IPSec tunnels with multiple base stations using certificate negotiation. The certificate whitelist is defined to facilitate unified management of base station certificates, determining the base stations allowed to establish IPSec tunnels with the device.
A certificate whitelist contains common names (CNs) in the certificate subjects of base stations. After PKI certificate whitelist check is enabled, the local device checks whether the CN in the certificate subject of the remote device carried in the received certificate authentication packet matches that in the local certificate whitelist. If not, authentication fails and an IPSec tunnel cannot be established between the two devices.
Before enabling PKI certificate whitelist check, run the pki import whitelist command to import the certificate whitelist file to the device memory.
Prerequisites
The certificate whitelist file already exists in the device's storage media.
Follow-up Procedure
Run the pki validate-certificate whitelist enable command to enable PKI certificate whitelist check.
Precautions
```
<SerialnumberList>
  <Serialnumber>CN-on-Certificate_of-RBS-1</Serialnumber>
  <Serialnumber>CN-on-Certificate_of-RBS-2</Serialnumber>
</SerialnumberList>
```
A CN is a string of 1 to 128 case-sensitive characters, including letters, numerals, apostrophes ('), equal signs (=), parentheses (), plus signs (+), minus signs (-), periods (.), slashes (/), colons (:), at signs (@), underscores (_), and spaces.
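A pre-import lint for a whitelist file, checking the file name and each CN against the limits stated above. This is an added example, not vendor code. The function name `lint_whitelist`, the file name `whitelist.xml`, the DOCTYPE rejection, and the duplicate check are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Length and character limits as stated on this page.
CN_RE = re.compile(r"[A-Za-z0-9'=()+\-./:@_ ]{1,128}")
FILENAME_RE = re.compile(r"[^ ?]{1,64}")

# Constructed sample: entry 3 differs only in case, 4 is a duplicate, 5 has '#'.
SAMPLE = """<SerialnumberList>
  <Serialnumber>CN-on-Certificate_of-RBS-1</Serialnumber>
  <Serialnumber>CN-on-Certificate_of-RBS-2</Serialnumber>
  <Serialnumber>cn-on-certificate_of-rbs-1</Serialnumber>
  <Serialnumber>CN-on-Certificate_of-RBS-2</Serialnumber>
  <Serialnumber>RBS#3</Serialnumber>
</SerialnumberList>"""


def lint_whitelist(filename, xml_text):
    """Return (valid_cns, problems) for a whitelist file before import."""
    problems = []
    if not FILENAME_RE.fullmatch(filename):
        problems.append(f"filename {filename!r}: need 1-64 chars, no spaces or '?'")
    # Assumption: the format needs no DTD, so refuse one instead of expanding entities.
    if "<!DOCTYPE" in xml_text:
        return [], problems + ["DOCTYPE declaration not allowed"]
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [], problems + [f"not well-formed XML: {exc}"]
    if root.tag != "SerialnumberList":
        return [], problems + [f"unexpected root element <{root.tag}>"]
    cns, seen = [], set()
    for i, child in enumerate(root, start=1):
        cn = child.text or ""
        if child.tag != "Serialnumber":
            problems.append(f"entry {i}: unexpected element <{child.tag}>")
        elif not CN_RE.fullmatch(cn):
            problems.append(f"entry {i}: CN {cn!r} violates length or character rules")
        elif cn in seen:  # CNs are case-sensitive, so compare exactly
            problems.append(f"entry {i}: duplicate CN {cn!r}")
        else:
            seen.add(cn)
            cns.append(cn)
    return cns, problems


if __name__ == "__main__":
    print(*lint_whitelist("whitelist.xml", SAMPLE)[1], sep="\n")
```

Because CNs are case-sensitive, the lowercase entry is accepted as a distinct CN rather than reported as a duplicate, which is worth reviewing by hand before import.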
```
<sysname> cd pki
<sysname> cd public/
```