Cisco Cisco Identity Services Engine 1.3 プリント
导出和导入内部 CA 存储区
要从主要管理节点 (PAN) 导出 Cisco ISE CA 证书和密钥以便能够在 PAN 失效的情况下将其导入辅
助管理节点,请在执行模式下使用application configure 命令。
助管理节点,请在执行模式下使用application configure 命令。
当您将辅助管理节点提升为主要管理节点 (PAN) 时,您必须导入从原始 PAN 导出的 Cisco ISE CA
证书和密钥。
证书和密钥。
• 要导出 Cisco ISE CA 证书和密钥的副本,请使用application configure ise 命令中的选项 7。
• 要导入 Cisco ISE CA 证书和密钥的副本,请使用application configure ise 命令中的选项 8。
示例 1
要导出 Cisco ISE CA 证书和密钥的副本,请使用选项 7。
ise/admin# application configure ise
Selection ISE configuration option
[1]Reset M&T Session Database
[2]Rebuild M&T Unusable Indexes
[3]Purge M&T Operational Data
[4]Reset M&T Database
[5]Refresh Database Statistics
[6]Display Profiler Statistics
[7]Export Internal CA Store
[8]Import Internal CA Store
[9]Create Missing Config Indexes
[10]Create Missing M&T Indexes
[11]Enable/Disable ACS Migration
[12]Generate Daily KPM Stats
[13]Generate KPM Stats for last 8 Weeks
[14]Exit
Selection ISE configuration option
[1]Reset M&T Session Database
[2]Rebuild M&T Unusable Indexes
[3]Purge M&T Operational Data
[4]Reset M&T Database
[5]Refresh Database Statistics
[6]Display Profiler Statistics
[7]Export Internal CA Store
[8]Import Internal CA Store
[9]Create Missing Config Indexes
[10]Create Missing M&T Indexes
[11]Enable/Disable ACS Migration
[12]Generate Daily KPM Stats
[13]Generate KPM Stats for last 8 Weeks
[14]Exit
7
Export Repository Name: sftp
Enter encryption-key for export: Test1234
Export on progress...............
Export Repository Name: sftp
Enter encryption-key for export: Test1234
Export on progress...............
The following 4 CA key pairs were exported to repository 'sftp' at
'ise_ca_key_pairs_of_ise60':
'ise_ca_key_pairs_of_ise60':
Subject:CN=Certificate Services Root CA - ise60
Issuer:CN=Certificate Services Root CA - ise60
Serial#:0x66cfded7-2f384979-9110c0e1-50dbf656
Issuer:CN=Certificate Services Root CA - ise60
Serial#:0x66cfded7-2f384979-9110c0e1-50dbf656
Subject:CN=Certificate Services Endpoint Subordinate CA - ise60
Issuer:CN=Certificate Services Root CA - ise60
Serial#:0x20ff700b-d5844ef8-a029bf7d-fad64289
Issuer:CN=Certificate Services Root CA - ise60
Serial#:0x20ff700b-d5844ef8-a029bf7d-fad64289
Subject:CN=Certificate Services Endpoint RA - ise60
Issuer:CN=Certificate Services Endpoint Subordinate CA - ise60
Serial#:0x483542bd-1f1642f4-ba71b338-8f606ee4
Issuer:CN=Certificate Services Endpoint Subordinate CA - ise60
Serial#:0x483542bd-1f1642f4-ba71b338-8f606ee4
Subject:CN=Certificate Services OCSP Responder Certificate - ise60
Issuer:CN=Certificate Services Root CA - ise60
Serial#:0x0ad3ccdf-b64842ad-93dd5826-0b27cbd2
Issuer:CN=Certificate Services Root CA - ise60
Serial#:0x0ad3ccdf-b64842ad-93dd5826-0b27cbd2
ISE CA keys export completed successfully
思科身份服务引擎 CLI 参考指南,版本 1.4
19
执行模式下的 Cisco ISE CLI 命令
导出和导入内部 CA 存储区