The pki import whitelist command imports the PKI whitelist in a specified XML file to a device.
The undo pki import whitelist command deletes the PKI whitelist in a specified XML file from a device.
The undo pki import whitelist all command deletes all PKI whitelists.
By default, the PKI whitelist in an XML file is not imported to a device.
Parameter | Description | Value |
---|---|---|
file-name filename | Specifies the name of an XML file. You can import a whitelist to the root directory or level-1 directory. For example: pki import whitelist filename aaa.xml. pki import whitelist filename bbb/aaa.xml. | The value is a string of 1 to 127 characters. |
Usage Scenario
In LTE scenarios, a security gateway and base stations use certificates to negotiate IPsec tunnels. The PKI whitelist on the security gateway can be used to uniformly manage certificates of base stations. If PKI whitelist check is enabled on the security gateway, the common names in the certificate subjects of base stations must be imported to the security gateway's PKI whitelist for certificate verification of the base stations. To import the PKI whitelist in a specified XML file to a device, run the pki import whitelist command.
Precautions
Before importing the PKI whitelist in a specified XML file to a device, ensure that the XML file has been saved on the main control board's CF card.
The XML file is 7-bit ASCII-encoded in the following format:
CN-on-Certificate_of-RBS-1
CN-on-Certificate_of-RBS-2
Deleting XML files that have been imported to a device is not allowed. If you forcibly delete such an XML file, the PKI whitelists imported through this XML file cannot be deleted.
Different XML files can contain the same PKI whitelists. A PKI whitelist is deleted only after all XML files containing this PKI whitelist are deleted.
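The constraints above can be checked on a workstation before the file is copied to the CF card. The following Python script is an added example, not vendor code: it checks the file-name length, the directory depth and the 7-bit ASCII encoding, and lists every file that contains a given common name, since that name stays whitelisted until all of those files are removed. The element names in the sample files, and the rule that each leaf element holds one common name, are assumptions, because the XML markup is not shown on this page.

```python
import xml.etree.ElementTree as ET

MAX_NAME_LEN = 127  # page: the file name is a string of 1 to 127 characters


def leaf_texts(data: bytes) -> list[str]:
    """Return the text of every leaf element (assumed: one CN per leaf)."""
    root = ET.fromstring(data)
    return [e.text.strip() for e in root.iter()
            if len(e) == 0 and e.text and e.text.strip()]


def check_whitelist_file(name: str, data: bytes) -> list[str]:
    """Return a list of problems; an empty list means the file passes."""
    problems = []
    if not 1 <= len(name) <= MAX_NAME_LEN:
        problems.append("file name must be 1 to 127 characters")
    if name.count("/") > 1:
        problems.append("file must sit in the root or a level-1 directory")
    if any(b > 0x7F for b in data):
        problems.append("content is not 7-bit ASCII")
        return problems  # do not parse content that fails the encoding rule
    try:
        if not leaf_texts(data):
            problems.append("no common-name entries found")
    except ET.ParseError as exc:
        problems.append(f"not well-formed XML: {exc}")
    return problems


def files_to_undo(cn: str, files: dict[str, bytes]) -> list[str]:
    """Files that must all be removed before `cn` leaves the whitelist."""
    return sorted(n for n, d in files.items() if cn in leaf_texts(d))


# Constructed sample files; the element names are placeholders (assumption).
SAMPLES = {
    "aaa.xml": b"<list><entry>CN-on-Certificate_of-RBS-1</entry>"
               b"<entry>CN-on-Certificate_of-RBS-2</entry></list>",
    "bbb/aaa.xml": b"<list><entry>CN-on-Certificate_of-RBS-2</entry></list>",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(name, check_whitelist_file(name, data) or "ok")
    print(files_to_undo("CN-on-Certificate_of-RBS-2", SAMPLES))
```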