Cisco Cisco Identity Services Engine 1.3 전단

安全访问操作指南

serverAuth

clientAuth

]

#3: ObjectId: 2.5.29.15 Criticality=false

KeyUsage [

DigitalSignature

Key_Encipherment

Key_Agreement

Key_CertSign

]

#4: ObjectId: 2.16.840.1.113730.1.1 Criticality=false

NetscapeCertType [

SSL server

]

#5: ObjectId: 2.5.29.14 Criticality=false

SubjectKeyIdentifier [

KeyIdentifier [

0000: C4 F3 1A 9E 7B 1B 14 4F 51 9E A4 88 33 07 7A AC .......OQ...3.z.

0010: 75 37 36 D4 u76.

]

Trust this certificate? [no]: yes

Certificate was added to keystore

Johns-MacBook-Pro:bin jeppich$

步骤

将

pxGrid 客户端证书导入到 keystoreFilename 中。

keytool -import -alias pxGridclient -keystore mac.jks -file mac.cer

Enter keystore password:

Certificate already exists in keystore under alias <1>

Do you still want to add it? [no]: n

Certificate was not added to keystore

注：如果收到以下消息，表示证书已添加到已有的密钥库，选择“

no”也没有问题。我选择了“yes”，以便我们可以在稍后添加证书后进行验证。

步骤

10 将 ISE 身份证书导入到 truststoreFilename（例如 caroot1.jks），后者在 pxGrid 脚本中充当

truststoreFilename 和 truststorePassword。

keytool -import -alias root -keystore caroot1.jks -file isemnt.der

Enter keystore password: cisco123

Re-enter new password: cisco123

Owner: CN=ise.lab6.com

Issuer: CN=ise.lab6.com

Serial number: 548502f500000000ec27e53c1dd64f46

Valid from: Sun Dec 07 17:46:29 PST 2014 until: Mon Dec 07 17:46:29 PST 2015

Certificate fingerprints:

MD5: 04:7D:67:04:EC:D2:F5:BC:DC:79:4D:0A:FF:62:09:FD

SHA1: 5A:7B:02:E4:07:A1:D2:0B:7D:A5:AE:83:27:3B:E7:33:33:30:1E:32

第

28 页