The pki whitelist filter enable command enables the suffix filtering function to filter suffixes of whitelists imported into the device and common name suffixes of the certificates received from the peer end during whitelist-based IPsec certificate negotiation.
The undo pki whitelist filter enable command disables the suffix filtering function.
By default, the suffix filtering function is not enabled.
Usage Scenario
In whitelist-based IPsec certificate authentication scenarios, when the names of whitelists imported into a device or common names of the certificates received from the peer end are redundant, run the pki whitelist filter enable command to simplify the imported whitelists. For example, after the common name of a base station certificate on the live network is imported into a whitelist, a record carrying different suffixes may be generated, causing one base station in the whitelist to consume multiple whitelist resources. To resolve this problem, run the pki whitelist filter enable command.