Cisco Cisco Identity Services Engine 1.3 전단
安全访问操作指南
serverAuth
clientAuth
]
#3: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
DigitalSignature
Key_Encipherment
Key_Agreement
Key_CertSign
]
#4: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
NetscapeCertType [
SSL server
]
#5: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: C4 F3 1A 9E 7B 1B 14 4F 51 9E A4 88 33 07 7A AC .......OQ...3.z.
0010: 75 37 36 D4 u76.
]
]
Trust this certificate? [no]: yes
Certificate was added to keystore
Johns-MacBook-Pro:bin jeppich$
步骤
9
将
pxGrid 客户端证书导入到 keystoreFilename 中。
keytool -import -alias pxGridclient -keystore mac.jks -file mac.cer
Enter keystore password:
Certificate already exists in keystore under alias <1>
Do you still want to add it? [no]: n
Certificate was not added to keystore
注:如果收到以下消息,表示证书已添加到已有的密钥库,选择“
no”也没有问题。我选择了“yes”,以便我们可以在稍后添加证书后进行验证。
步骤
10 将 ISE 身份证书导入到 truststoreFilename(例如 caroot1.jks),后者在 pxGrid 脚本中充当
truststoreFilename 和 truststorePassword。
keytool -import -alias root -keystore caroot1.jks -file isemnt.der
Enter keystore password: cisco123
Re-enter new password: cisco123
Owner: CN=ise.lab6.com
Issuer: CN=ise.lab6.com
Serial number: 548502f500000000ec27e53c1dd64f46
Valid from: Sun Dec 07 17:46:29 PST 2014 until: Mon Dec 07 17:46:29 PST 2015
Certificate fingerprints:
MD5: 04:7D:67:04:EC:D2:F5:BC:DC:79:4D:0A:FF:62:09:FD
SHA1: 5A:7B:02:E4:07:A1:D2:0B:7D:A5:AE:83:27:3B:E7:33:33:30:1E:32
© 2015 思科系统公司
第
28 页