Cisco Cisco Identity Services Engine 1.3 Merkblatt

安全访问操作指南

#2: ObjectId: 2.5.29.37 Criticality=false

ExtendedKeyUsages [

serverAuth

clientAuth

]

#3: ObjectId: 2.5.29.15 Criticality=false

KeyUsage [

DigitalSignature

Key_Encipherment

Key_Agreement

Key_CertSign

]

#4: ObjectId: 2.16.840.1.113730.1.1 Criticality=false

NetscapeCertType [

SSL server

]

#5: ObjectId: 2.5.29.14 Criticality=false

SubjectKeyIdentifier [

KeyIdentifier [

0000: C4 F3 1A 9E 7B 1B 14 4F 51 9E A4 88 33 07 7A AC .......OQ...3.z.

0010: 75 37 36 D4 u76.

]

Trust this certificate? [no]: yes

Certificate was added to keystore

Johns-MacBook-Pro:pxGridsdk jeppich$

步骤

将

pxGrid 客户端证书导入到身份密钥库中。

keytool -import -alias pxGridclient -keystore self2.jks -file self2.cer

Enter keystore password: cisco123

Certificate already exists in keystore under alias <1>

Do you still want to add it? [no]: no

Certificate was not added to keystroke

步骤

10 将 CA Root 证书添加至信任密钥库中。两个证书都需要驻留在信任密钥库中。

keytool -import -alias root -keystore root.jks -file ca_root.cer

Enter keystore password: cisco123

Owner: CN=lab6-WIN-BG7GPQ053ID-CA, DC=lab6, DC=com

Issuer: CN=lab6-WIN-BG7GPQ053ID-CA, DC=lab6, DC=com

Serial number: 448a6d6486c91cb14c6888c127d16c4e

Valid from: Thu Nov 13 17:47:06 PST 2014 until: Wed Nov 13 17:57:06 PST 2019

Certificate fingerprints:

MD5: 41:10:8A:F5:36:76:79:9C:2C:00:03:47:55:F8:CF:7B

SHA1: 9D:DA:06:AF:06:3F:8F:5E:84:C7:F4:58:50:95:03:22:64:48:96:9F

SHA256:

DB:28:50:D6:47:CA:C0:6A:E9:7B:87:B4:0E:9C:3A:C1:A2:61:EA:D1:29:8B:45:B4:76:4B:DA:2A:F1:D8:E0:A3

Signature algorithm name: SHA256withRSA

Version: 3

Extensions:

#1: ObjectId: 1.3.6.1.4.1.311.21.1 Criticality=false

0000: 02 01 00 ...

第

11 页