Cisco Cisco Identity Services Engine 1.2 产品宣传页
安全访问操作指南
•
如果您看到类似的错误消息,则需要将 root 证书添加至 truststoreFilename 密钥库中,在本示例中例如
添加至
root3.jks。
./register.sh -keystoreFilename pxGridClient.jks -keystorePassword cisco123 -truststoreFilename root3.jks -
truststorePassword cisco123 -group Session -description MACBOOK -username Macbook_PRO -hostname 10.0.0.96
------- properties -------
version=1.0.0
hostnames=10.0.0.96
username=Macbook_PRO
descriptipon=MACBOOK
keystoreFilename=pxGridClient.jks
keystorePassword=cisco123
truststoreFilename=root3.jks
truststorePassword=cisco123
--------------------------
registering...
connecting...
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: root certificate not trusted of
[ise.lab6.com]
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1917)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:301)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:295)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1471)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:212)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:936)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:871)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1043)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1343)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1371)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1355)
at org.jivesoftware.smack.XMPPConnection.proceedTLSReceived(XMPPConnection.java:806)
at org.jivesoftware.smack.PacketReader.parsePackets(PacketReader.java:267)
at org.jivesoftware.smack.PacketReader.access$000(PacketReader.java:43)
at org.jivesoftware.smack.PacketReader$1.run(PacketReader.java:70)
Caused by: java.security.cert.CertificateException: root certificate not trusted of [ise.lab6.com]
at org.jivesoftware.smack.ServerTrustManager.checkServerTrusted(ServerTrustManager.java:144)
at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:865)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1453)
... 11 more
•
如果您看到以下错误消息,请确保 pxGrid 客户端和 ISE pxGrid FQDN 名称可通过 DNS 解析。
./session_download.sh -keystoreFilename jeppich.jks -keystorePassword cisco123 -truststoreFilename
trust007.jks -truststorePassword cisco123 -hostname 10.0.0.96 -username mac2
------- properties -------
version=1.0.0
hostnames=10.0.0.96
username=mac2
keystoreFilename=jeppich.jks
keystorePassword=cisco123
truststoreFilename=trust007.jks
truststorePassword=cisco123
filter=null
start=null
end=null
--------------------------
connecting...
connected.
20:18:07.181 [main] WARN o.a.cxf.phase.PhaseInterceptorChain - Interceptor for
{https://ise.lab6.com/pxgrid/mnt/sd}WebClient has thrown exception, unwinding now
org.apache.cxf.interceptor.Fault: Could not send Message.
at
org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSende
rInterceptor.java:64) ~[cxf-api-2.7.3.jar:2.7.3]
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:271) ~[cxf-api-
2.7.3.jar:2.7.3]
© 2015 思科系统公司
第
19 页