[2025][CISCO ISE#32] - Export/Import Certificate
Hello.
Today we will look at how to export certificates from Cisco ISE.
Running a Cisco ISE configuration backup does not back up the certificates.
They have to be backed up manually.
Cisco ISE certificates are used in many places: the Web GUI, web portals, EAP, pxGrid, and so on.
So make sure you back up the certificates. If you back up the configuration but not the certificates, you can end up in a difficult position when the Cisco ISE appliance fails and you have to RMA it or install a new Cisco ISE.
1. Self Signed Certificate
2. 3rd party signed Certificate
For a self-signed certificate: import the public key of the certificate under Trusted Certificates.
For a 3rd-party signed certificate: import the root and all intermediate certificates of the certificate.
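1. Go to the following page.
Administration - System - Certificates - System Certificates
Check ISE01-TEST-CERT and click the Export button.
Configure the export as shown below.
The file is downloaded as shown below.
Open the compressed folder and you will find the public key and the private key, as shown below.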
Second, back up the certificates listed under Trusted Certificates.
1. Click Trusted Certificates.
2. Check SERVER-CA-ROOT, which was used last time when issuing certificates with the Windows CA server, and back it up.
That is all it takes to back up the certificates.
To import a certificate, click the Import button in Cisco ISE and import it. I will skip that part.
Next, let's back up the certificates from the CLI.
ISE01/admin# application configure ise

Selection configuration option
[1]Reset M&T Session Database
[2]Rebuild M&T Unusable Indexes
[3]Purge M&T Operational Data
[4]Reset M&T Database
[5]Refresh Database Statistics
[6]Display Profiler Statistics
[7]Export Internal CA Store
[8]Import Internal CA Store
[9]Create Missing Config Indexes
[10]Create Missing M&T Indexes
[12]Generate Daily KPM Stats
[13]Generate KPM Stats for last 8 Weeks
[14]Enable/Disable Counter Attribute Collection
[15]View Admin Users
[16]Get all Endpoints
[19]Establish Trust with controller
[20]Reset Context Visibility
[21]Synchronize Context Visibility With Database
[22]Generate Heap Dump
[23]Generate Thread Dump
[24]Force Backup Cancellation
[25]CleanUp ESR 5921 IOS Crash Info Files
[26]Recreate undotablespace
[27]Reset Upgrade Tables
[28]Recreate Temp tablespace
[29]Clear Sysaux tablespace
[30]Fetch SGA/PGA Memory usage
[31]Generate Self-Signed Admin Certificate
[32]View Certificates in NSSDB or CA_NSSDB
[0]Exit
Select option 7, Export Internal CA Store.
7
Export Repository Name: FTP
Enter encryption-key for export:
[application startup log output (INFO/WARN/ERROR lines) omitted]
Export in progress...

The following 5 CA key pairs were exported to repository 'FTP' at 'ise_ca_key_pairs_of_ISE01':
        Subject:CN=Certificate Services Root CA - ISE01
        Issuer:CN=Certificate Services Root CA - ISE01
        Serial#:0x413c9d5d-c09747fb-9c348f1d-7fd4cf7f

        Subject:CN=Certificate Services Node CA - ISE01
        Issuer:CN=Certificate Services Root CA - ISE01
        Serial#:0x5841ef07-45b14321-809f1f89-84880a6a

        Subject:CN=Certificate Services Endpoint Sub CA - ISE01
        Issuer:CN=Certificate Services Node CA - ISE01
        Serial#:0x182e0062-bca04359-808d8ced-5a4fbab8

        Subject:CN=Certificate Services Endpoint RA - ISE01
        Issuer:CN=Certificate Services Endpoint Sub CA - ISE01
        Serial#:0x4351ef77-1d74489e-aa438fe2-846bcfb8

        Subject:CN=Certificate Services OCSP Responder - ISE01
        Issuer:CN=Certificate Services Endpoint Sub CA - ISE01
        Serial#:0x15e01788-34114c7f-aff55275-a1cc761d

ISE CA keys export completed successfully
The certificate backup is now complete.
Check the folder on the FTP server to confirm the file is there.
You can also restore from the CLI by selecting [8]Import Internal CA Store.
I will skip that part.
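One way to check the summary that option [7] prints, as an added example that is not part of the original post or of Cisco's tooling: it parses the Subject/Issuer/Serial# lines from a saved CLI session and confirms that the declared count matches and that every issuer is itself in the export. The function names are hypothetical, and the sample text is the summary shown on this page.

```python
import re

# Summary printed by option [7] on this page (subjects, issuers and serials copied from it).
EXPORT_SUMMARY = """\
The following 5 CA key pairs were exported to repository 'FTP' at 'ise_ca_key_pairs_of_ISE01':
    Subject:CN=Certificate Services Root CA - ISE01
    Issuer:CN=Certificate Services Root CA - ISE01
    Serial#:0x413c9d5d-c09747fb-9c348f1d-7fd4cf7f
    Subject:CN=Certificate Services Node CA - ISE01
    Issuer:CN=Certificate Services Root CA - ISE01
    Serial#:0x5841ef07-45b14321-809f1f89-84880a6a
    Subject:CN=Certificate Services Endpoint Sub CA - ISE01
    Issuer:CN=Certificate Services Node CA - ISE01
    Serial#:0x182e0062-bca04359-808d8ced-5a4fbab8
    Subject:CN=Certificate Services Endpoint RA - ISE01
    Issuer:CN=Certificate Services Endpoint Sub CA - ISE01
    Serial#:0x4351ef77-1d74489e-aa438fe2-846bcfb8
    Subject:CN=Certificate Services OCSP Responder - ISE01
    Issuer:CN=Certificate Services Endpoint Sub CA - ISE01
    Serial#:0x15e01788-34114c7f-aff55275-a1cc761d
ISE CA keys export completed successfully
"""

HEADER_RE = re.compile(r"The following (\d+) CA key pairs were exported to repository '([^']+)'")
FIELD_RE = re.compile(r"^\s*(Subject|Issuer|Serial#):(.+?)\s*$")

def parse_export_summary(text):
    """Parse the option [7] summary into the declared count and one dict per key pair."""
    header = HEADER_RE.search(text)
    if header is None:
        raise ValueError("export summary header not found")
    entries = []
    for line in text.splitlines():
        m = FIELD_RE.match(line)
        if m and m.group(1) == "Subject":   # each key pair starts with its Subject line
            entries.append({})
        if m and entries:
            entries[-1][m.group(1)] = m.group(2)
    return {"declared": int(header.group(1)), "repository": header.group(2),
            "entries": entries,
            "completed": "ISE CA keys export completed successfully" in text}

def check_hierarchy(summary):
    """Return a list of problems; an empty list means the exported CA chain is complete."""
    problems = []
    entries = summary["entries"]
    if not summary["completed"]:
        problems.append("completion message missing")
    if len(entries) != summary["declared"]:
        problems.append(f"{summary['declared']} key pairs declared, {len(entries)} listed")
    subjects = {e.get("Subject") for e in entries}
    for e in entries:
        if e.get("Issuer") not in subjects:
            problems.append(f"issuer missing from export: {e.get('Issuer')}")
    if not any(e.get("Subject") == e.get("Issuer") for e in entries):
        problems.append("no self-signed root CA in export")
    return problems

def chain_depth(summary, subject):
    """Issuer hops from `subject` up to the self-signed root, or None if the chain breaks."""
    issuer_of = {e.get("Subject"): e.get("Issuer") for e in summary["entries"]}
    depth, seen = 0, set()
    while subject in issuer_of and subject not in seen:
        if issuer_of[subject] == subject:
            return depth
        seen.add(subject)
        subject, depth = issuer_of[subject], depth + 1
    return None
```

Keeping the parsed serial numbers alongside the backup file gives you something to compare against after a restore with [8]Import Internal CA Store.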
That concludes [2025][CISCO ISE#32] - Export/Import Certificate.