Cisco pxGrid로 인증서 배포

Similar documents
Cisco pxGrid로 인증서 배포

ISE 분산 환경에서 pxGrid 구성 초안

2. 개인키권한설정 보안경고개인키의유출방지를위해 group 과 other 의 permission 을모두제거한다. chmod 600 /etc/pki/tls/private/lesstif-rootca.key 3. CSR(Certificate Signing Request) 생

정적으로 설치된 mod_ssl 모듈확인 동적으로 설치된 mod_ssl 모듈확인 웹서버에 설치된 모듈중 mod_so.c 를 먼저 확인후 동적으로 설치된 모듈중 mod_ssl.so 를 확인합니다. 동적으로 설치된 경우 apache 설치 디렉토리의 module 이나 libe

RHEV 2.2 인증서 만료 확인 및 갱신

Tomcat.hwp

yessign Version 3.1 (yessign). ccopyright 2009 yessign ALL RIGHTS RESERVED

- - yessign Version 3.5 (yessign)

Analytics > Log & Crash Search > Unity ios SDK [Deprecated] Log & Crash Unity ios SDK. TOAST SDK. Log & Crash Unity SDK Log & Crash Search. Log & Cras

Remote UI Guide

PWR PWR HDD HDD USB USB Quick Network Setup Guide xdsl/cable Modem PC DVR 1~3 1.. DVR DVR IP xdsl Cable xdsl Cable PC PC DDNS (

휠세미나3 ver0.4

Solaris Express Developer Edition

Sena Device Server Serial/IP TM Version

WebtoB.hwp

Microsoft PowerPoint - 11주차_Android_GoogleMap.ppt [호환 모드]

USB USB DV25 DV25 REC SRN-475S REC SRN-475S LAN POWER LAN POWER Quick Network Setup Guide xdsl/cable Modem PC DVR 1~3 1.. DVR DVR IP xdsl Cable xdsl C

BEA_WebLogic.hwp


IRISCard Anywhere 5

Assign an IP Address and Access the Video Stream - Installation Guide

10X56_NWG_KOR.indd

Cisco FirePOWER 호환성 가이드

untitled

vRealize Automation용 VMware Remote Console - VMware

본교재는수업용으로제작된게시물입니다. 영리목적으로사용할경우저작권법제 30 조항에의거법적처벌을받을수있습니다. [ 실습 ] 스위치장비초기화 1. NVRAM 에저장되어있는 'startup-config' 파일이있다면, 삭제를실시한다. SWx>enable SWx#erase sta

ORANGE FOR ORACLE V4.0 INSTALLATION GUIDE (Online Upgrade) ORANGE CONFIGURATION ADMIN O

Windows 8에서 BioStar 1 설치하기

API STORE 키발급및 API 사용가이드 Document Information 문서명 : API STORE 언어별 Client 사용가이드작성자 : 작성일 : 업무영역 : 버전 : 1 st Draft. 서브시스템 : 문서번호 : 단계 : Docum

Microsoft Word - ntasFrameBuilderInstallGuide2.5.doc

SMB_ICMP_UDP(huichang).PDF

초기설정 WebtoB Web Server 에서인증서를사용하기위해 CSR 을생성하는방법입니다. 1. 초기설정 - CSR 을생성하기전에다음의몇가지사항을필히확인합니다. 부팅후 Path 나환경변수를일일이설정하지않게초기설정파일을사용하여로그인시자동으로실행되도록하고있습니다. 그러나

4. CSR 값확인. (vi csr.pem) CSR(Certificate Signing Request) 즉, 인증서서명요청입니다. 이는자신이설치할웹서버에서 DN 값, 각종정보를암호화한파일로써 한국전자인증 신청란에서붙여넣으면됩니다. 인증서설치 1. 직접 CSR 및 KEY

chapter1,2.doc

Copyright 2012, Oracle and/or its affiliates. All rights reserved.,,,,,,,,,,,,,.,..., U.S. GOVERNMENT END USERS. Oracle programs, including any operat

CD-RW_Advanced.PDF

Chapter 1

아래 항목은 최신( ) 이미지를 모두 제대로 설치하였을 때를 가정한다

MasoJava4_Dongbin.PDF

SQL Developer Connect to TimesTen 유니원아이앤씨 DB 기술지원팀 2010 년 07 월 28 일 문서정보 프로젝트명 SQL Developer Connect to TimesTen 서브시스템명 버전 1.0 문서명 작성일 작성자

Interstage5 SOAP서비스 설정 가이드

chapter4

Splentec V-WORM Quick Installation Guide Version: 1.0 Contact Information 올리브텍 주소 : 경기도성남시분당구구미로 11 ( 포인트타운 701호 ) URL: E-M

Tomcat 4.x 웹서버에 J2SE 를설치를확인합니다. java -version java version "1.4.2_05" Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.2_05-b04) Java HotSp

Sun Java System Messaging Server 63 64

Portal_9iAS.ppt [읽기 전용]

bn2019_2

User Guide

교육2 ? 그림

cam_IG.book

<32B1B3BDC32E687770>

Analyst Briefing

Network seminar.key

(SW3704) Gingerbread Source Build & Working Guide

Install stm32cubemx and st-link utility

!K_InDesginCS_NFH

기술교육 SSL 설정및변환방법

PowerChute Personal Edition v3.1.0 에이전트 사용 설명서

아이콘의 정의 본 사용자 설명서에서는 다음 아이콘을 사용합니다. 참고 참고는 발생할 수 있는 상황에 대처하는 방법을 알려 주거나 다른 기능과 함께 작동하는 방법에 대한 요령을 제공합니다. 상표 Brother 로고는 Brother Industries, Ltd.의 등록 상

슬라이드 1

1) 인증서만들기 ssl]# cat > // 설명 : 발급받은인증서 / 개인키파일을한파일로저장합니다. ( 저장방법 : cat [ 개인키

소개 TeraStation 을 구입해 주셔서 감사합니다! 이 사용 설명서는 TeraStation 구성 정보를 제공합니다. 제품은 계속 업데이트되므로, 이 설명서의 이미지 및 텍스트는 사용자가 보유 중인 TeraStation 에 표시 된 이미지 및 텍스트와 약간 다를 수

Page 2 of 6 Here are the rules for conjugating Whether (or not) and If when using a Descriptive Verb. The only difference here from Action Verbs is wh

Copyright 2012, Oracle and/or its affiliates. All rights reserved.,.,,,,,,,,,,,,.,...,. U.S. GOVERNMENT END USERS. Oracle programs, including any oper

Interstage4 설치가이드

1) 인증서만들기 ssl]# cat > // 설명 : 발급받은인증서 / 개인키파일을한파일로저장합니다. ( 저장방법 : cat [ 개인키

Multi Channel Analysis. Multi Channel Analytics :!! - (Ad network ) Report! -! -!. Valuepotion Multi Channel Analytics! (1) Install! (2) 3 (4 ~ 6 Page

1. Windows 설치 (Client 설치 ) 원하는위치에다운받은발송클라이언트압축파일을해제합니다. Step 2. /conf/config.xml 파일수정 conf 폴더에서 config.xml 파일을텍스트에디터를이용하여 Open 합니다. config.xml 파일에서, 아

ISP and CodeVisionAVR C Compiler.hwp

Webtob( 멀티도메인 ) SSL 인증서갱신설치가이드 본문서는주식회사한국기업보안에서 SSL 보안서버인증서설치를위해작성된문서로 주식회사한국기업보안의동의없이무단으로사용하실수없습니다. [ 고객센터 ] 한국기업보안. 유서트기술팀 Copyright 201

Intro to Servlet, EJB, JSP, WS

¹Ìµå¹Ì3Â÷Àμâ

FileMaker 15 ODBC 및 JDBC 설명서

제20회_해킹방지워크샵_(이재석)

초보자를 위한 ADO 21일 완성

Microsoft Word - Automap3

ApacheWebServer.hwp

TCP.IP.ppt

untitled

Facebook API

Subnet Address Internet Network G Network Network class B networ

Voice Portal using Oracle 9i AS Wireless

thesis-shk

개요오라클과티베로에서 JDBC 를통해접속한세션을구분할수있도록 JDBC 접속시 ConnectionProperties 를통해구분자를넣어줄수있다. 하나의 Node 에다수의 WAS 가있을경우 DB 에서 Session Kill 등의동작수행시원하는 Session 을선택할수있다.

PCServerMgmt7

1217 WebTrafMon II

1

vm-웨어-01장

Backup Exec

,,,,,, (41) ( e f f e c t ), ( c u r r e n t ) ( p o t e n t i a l difference),, ( r e s i s t a n c e ) 2,,,,,,,, (41), (42) (42) ( 41) (Ohm s law),

TTA Journal No.157_서체변경.indd

PBNM CIM(Common Information Model) DEN, COPS LDAP 21 CIM (Common Information Model) CIM, specification schema [7]

목차 데모 홖경 및 개요... 3 테스트 서버 설정... 4 DC (Domain Controller) 서버 설정... 4 RDSH (Remote Desktop Session Host) 서버 설정... 9 W7CLIENT (Windows 7 Client) 클라이얶트 설정

. PC PC 3 [ ] [ ], [ ] [ ] [ ] 3 [ ] [ ], 4 [ ] [ ], 4 [Internet Protocol Version 4 (TCP/IPv4)] 5 [ ] 6 [ IP (O)], [ DNS (B)] 7 [ ] 한국어 -

01Àå

Chap7.PDF

Secure Programming Lecture1 : Introduction

ARMBOOT 1

ApeosPort-V 7080/6080, DocuCentre-V 7080/6080 User Guide (For AirPrint)

Transcription:

Cisco pxgrid 로인증서배포 CA(Certifice Authority) 서명 pxgrid 클라이언트및자체서명 ISE pxgrid 노드인증서

목차 이문서정보... 3 서론... 4 인증서컨피그레이션예... 5 자체서명 ISE pxgrid 노드인증서및 pxgrid 페르소나컨피그레이션... 5 pxgrid 클라이언트인증서컨피그레이션... 8 pxgrid 클라이언트및 ISE pxgrid 노드테스트... 12 키저장소항목보기... 14 문제해결... 18 2 페이지

이문서정보 이문서에서는 CA 권한으로서명된인증서및 ISE pxgrid 노드의 ISE 를위한 ISE 자체서명인증서를사용하여 pxgrid 클라이언트를구성하는데필요한컨피그레이션단계에대해설명합니다. 이문서는 Cisco pxgrid 를구축하는 Cisco 현장엔지니어, 기술마케팅엔지니어, 파트너및고객을대상으로합니다. 또한 pxgrid 에대해잘알고있어야합니다. pxgrid 에대해잘모르는사용자는아래의 Configure_and_Test_Integrion_with_Cisco_pxGrid.pdf 를참조하십시오. http://www.cisco.com/c/dam/en/us/td/docs/security/ise/how_to/howto-84- Configure_and_Test_Integrion_with_Cisco_pxGrid.pdf Cisco 어카운트팀에서 pxgrid sdk 를받습니다. Cisco ISE(Identity Services Engine) 1.3 이설치된것을전제로합니다. OSX 10.8.5 를실행중인 MAC 은 pxgrid 클라이언트로사용됩니다. Linux OS 도사용할수있습니다. pxgrid 클라이언트에는 Oracle Java Development Kit 7 또는 8 이필요합니다. Deploying pxgrid with Certifices 시리즈에는다음과같은두가지다른문서가있습니다. ISE pxgrid 노드및 pxgrid 클라이언트에 CA 서명인증서사용 ISE pxgrid 노드및 ISE pxgrid 클라이언트에자체서명인증서사용 3 페이지

서론 이섹션에서는 ISE 독립형구축시 pxgrid 클라이언트및 ISE pxgrid 노드의 CA 서명인증서컨피그레이션에대해자세히다룹니다. 이경우 pxgrid 클라이언트에는 Entrus 같은퍼블릭 CA 에의해서명된인증서가포함될수있습니다. 사용자지정 pxgrid 템플릿은클라이언트인증 (1.3.6.5.5.7.3.2) 및서버인증 (1.3.6.1.5.5.7.3.1) 에모두 EKU(Enhanced Key Usage) ISO 정의 OID(object identifier) 가수반됩니다. ISE pxgrid 노드에는 ISE 트러스트된인증서저장소의자체서명 ISE ID 인증서가포함됩니다. Microsoft Enterprise CA 2008 R2 는 pxgrid 클라이언트의인증서에서명할수있는 CA 권한으로사용됩니다. Microsoft CA 권한의 CA 루트인증서는 ISE 트러스트된인증서저장소에추가됩니다. ISE 퍼블릭인증서는 pxgrid 클라이언트의키저장소에추가됩니다. pxgrid 클라이언트가 ISE pxgrid 노드에연결할경우두퍼블릭인증서모두성공적인 pxgrid 연결을위해 SASL(Simple Authenticion and Security Layer) 에트러스트됩니다. 다음다이어그램에는정보의인증서플로우가나와있습니다. 4 페이지

인증서컨피그레이션예 다음은이문서에사용된인증서예를나타냅니다. 자체서명 ISE pxgrid 노드인증서및 pxgrid 페르소나컨피그레이션 이예에서는 ISE 자체서명인증서를 ISE 트러스트된인증서저장소로가져옵니다. ISE ID 인증서가트러스트된인증서저장소에있으면 ISE 노드의 pxgrid 페르소나를활성화하고이를 Primary 노드로변경할수있습니다. 게시된노드는 pxgrid Services View 에표시됩니다. 1 단계자체서명 ISE ID 인증서를내보내고.pem 파일로저장합니다. Administrion->System->Certifices 를차례로누른다음 ISE identity cert->export( 퍼블릭키만 ) 를선택합니다. 5 페이지

2 단계저장된 ISE.pem 파일을 ISE 트러스트된인증서저장소로가져옵니다. Administrion->System->Certifices->Trusted Certifices->Browse 를차례로누른다음파일을업로드하고 Submit 을누릅니다. ISE 트러스트된인증서가져오기가표시됩니다. 6 페이지

3 단계 CA 루트인증서를다운로드하고 ISE 트러스트된인증서저장소에업로드한다음 ISE 커뮤니케이션에트러스트활성화를선택합니다. Administrion->System->Certifices->Trusted Certifices->Import 를차례로누른다음 CA 루트인증서를업로드합니다. 4 단계 ISE 에서 pxgrid 페르소나를활성화합니다. Administrion->System->Deployment->Enable pxgrid 를차례로누른다음역할을 Primary 로변경하고 Save 를누릅니다. 참고 : 역할을 Primary 로반드시변경해야하는것은아닙니다. 7 페이지

5 단계게시된서비스가시작되었는지확인합니다. Administrion->pxGrid Services 참고 : ISE 게시노드가표시되기전까지지연이발생할수있습니다. pxgrid 페르소나가활성화되기전에인증서를설치해야합니다. pxgrid 클라이언트인증서컨피그레이션 이섹션에서는 pxgrid 클라이언트자체인증서생성프로세스를단계별로살펴봅니다. 인증서퍼블릭 / 프라이빗키쌍이생성되면프라이빗키인 self2.key 에서 PKCS12 파일이생성됩니다. PKCS12 파일은 ID 키저장소인 self1.jks 로가져오기됩니다. 이 ID 키저장소및관련비밀번호는 pxgrid 스크립트의 keystorefilename 및 keystorepassword 역할을합니다. pxgrid 클라이언트인증서인 self2.cer 도 ID 키저장소에추가됩니다. ISE ID 인증서인 isemnt 는모두벌크세션다운로드에필요하며, CA 루트인증서는트러스트키저장소인 root.jks 에추가됩니다. 이트러스트키저장소및관련비밀번호는 pxgrid 스크립트의 truststorefilename 및 truststorepassword 역할을합니다. 1 단계 pxgrid 클라이언트에대한프라이빗키 ( 예 : self2.key) 를생성합니다. openssl genrsa -out self2.key 4096 Genering RSA prive key, 4096 bit long modulus...++......++ e is 65537 (0x10001) 2 단계 CA 권한에대한 CSR( 예 : self2.csr) 요청을생성합니다. 챌린지비밀번호 ( 예 : cisco123) 를제공합니다. 8 페이지

openssl req -new -key self2.key -out self2.csr You are about to be asked to enter informion th will be incorpored into your certifice request. Wh you are about to enter is wh is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU: Ste or Province Name (full name) [Some-Ste: Locality Name (eg, city) [: Organizion Name (eg, company) [Internet Widgits Pty Ltd: Organizional Unit Name (eg, section) [: Common Name (e.g. server FQDN or YOUR name) [: Email Address [: Please enter the following 'extra' tributes to be sent with your certifice request A challenge password [:cisco123 An optional company name [:Eppich,Inc Note: Keep the same password throughout this documnent, easier to maintain, and cut down on errors 3 단계 CA 권한은클라이언트인증및서버인증을위한 EKU(Enhanced Key Usage) ISO 정의 OID(object identifier) 가포함된사용자정의템플릿 ( 예 : pxgrid) 을사용하여사용자인증서를지원해야합니다. 참고 : pxgrid 템플릿은 CA 권한에서생성됩니다. 이는중복된사용자템플릿이며, Windows 2003 형식을사용하므로 Certifice Temple 드롭다운메뉴에해당템플릿이표시됩니다. EKU 클라이언트인증및서버인증이모두템플릿에추가되었습니다. 4 단계 pxgrid 클라이언트인증서 ( 예 : self2.cer) 의프라이빗키에서 pxgrid 클라이언트 pkcs12 파일 (self2.p12) 을생성합니다. 이는키저장소관리에사용됩니다. CA 루트파일 ( 예 : ca_root.cer) 을포함합니다. 9 페이지

openssl pkcs12 -export -out self2.p12 -inkey self2.key -in self2.cer -chain -CAfile ca_root.cer Enter Export Password: cisco123 Verifying - Enter Export Password: cisco123 Johns-MacBook-Pro:pxGridsdk jeppich$ 참고 : cisco123 은이문서전체에서사용되는비밀번호입니다. 5 단계 pxgrid 클라이언트 ID 키저장소 ( 예 : self2.jks) 를생성합니다. 이는 pxgrid 스크립트예에서 keystorefilename 및관련 keystorepassword 역할을합니다. keytool -importkeystore -srckeystore self2.p12 -destkeystore self2.jks -srcstoretype PKCS12 Enter destinion keystore password: cisco123 Re-enter new password: cisco123 Enter source keystore password: cisco123 Entry for alias 1 successfully imported. Import command completed: 1 entries successfully imported, 0 entries failed or cancelled 6 단계퍼블릭 ISE ID 인증서만 pxgrid 클라이언트로내보내며, 이는.pem 형식으로이루어집니다. 확장자가.pem 인파일의이름을더읽기쉽게변경할수있습니다. 이예에서파일의이름은 isemnt.pem 으로변경되었습니다. 7 단계.pem 파일을.der 형식으로변환합니다. openssl x509 -outform der -in isemnt.pem -out isemnt.der 8 단계 ISE ID 인증서를트러스트키저장소 ( 예 : root.jks) 에추가합니다. 이는 pxgrid 스크립트에사용된 truststorefilename 및관련 truststorepassword 가됩니다. 10 페이지

keytool -import -alias mnt -keystore root.jks -file isemnt.der Enter keystore password: cisco123 Re-enter new password: cisco123 Owner: CN=ise.lab6.com Issuer: CN=ise.lab6.com Serial number: 548502f500000000ec27e53c1dd64f46 Valid from: Sun Dec 07 17:46:29 PST 2014 until: Mon Dec 07 17:46:29 PST 2015 Certifice fingerprints: MD5: 04:7D:67:04:EC:D2:F5:BC:DC:79:4D:0A:FF:62:09:FD SHA1: 5A:7B:02:E4:07:A1:D2:0B:7D:A5:AE:83:27:3B:E7:33:33:30:1E:32 SHA256: C4:21:6C:6F:5B:06:F3:2C:D7:26:35:CB:BE:2B:1B:FF:0E:EE:09:91:F6:B6:54:0C:6F:63:CB:43:1F:77:F2:37 Signure algorithm name: SHA1withRSA Version: 3 Extensions: #1: ObjectId: 2.5.29.19 Criticality=false BasicConstraints:[ CA:true PhLen:2147483647 #2: ObjectId: 2.5.29.37 Criticality=false ExtendedKeyUsages [ serverauth clientauth #3: ObjectId: 2.5.29.15 Criticality=false KeyUsage [ DigitalSignure Key_Encipherment Key_Agreement Key_CertSign #4: ObjectId: 2.16.840.1.113730.1.1 Criticality=false NetscapeCertType [ SSL server #5: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: C4 F3 1A 9E 7B 1B 14 4F 51 9E A4 88 33 07 7A AC...OQ...3.z. 0010: 75 37 36 D4 u76. Trust this certifice? [no: yes Certifice was added to keystore Johns-MacBook-Pro:pxGridsdk jeppich$ 9 단계 pxgrid 클라이언트인증서를 ID 키저장소로가져옵니다. keytool -import -alias pxgridclient -keystore self2.jks -file self2.cer Enter keystore password: cisco123 Certifice already exists in keystore under alias <1> Do you still want to add it? [no: no Certifice was not added to keystroke 11 페이지

10 단계 CA 루트인증서를트러스트키저장소에추가합니다. 두인증서는모두트러스트키저장소에상주해야합니다. keytool -import -alias root -keystore root.jks -file ca_root.cer Enter keystore password: cisco123 Owner: CN=lab6-WIN-BG7GPQ053ID-CA, DC=lab6, DC=com Issuer: CN=lab6-WIN-BG7GPQ053ID-CA, DC=lab6, DC=com Serial number: 448a6d6486c91cb14c6888c127d16c4e Valid from: Thu Nov 13 17:47:06 PST 2014 until: Wed Nov 13 17:57:06 PST 2019 Certifice fingerprints: MD5: 41:10:8A:F5:36:76:79:9C:2C:00:03:47:55:F8:CF:7B SHA1: 9D:DA:06:AF:06:3F:8F:5E:84:C7:F4:58:50:95:03:22:64:48:96:9F SHA256: DB:28:50:D6:47:CA:C0:6A:E9:7B:87:B4:0E:9C:3A:C1:A2:61:EA:D1:29:8B:45:B4:76:4B:DA:2A:F1:D8:E0:A3 Signure algorithm name: SHA256withRSA Version: 3 Extensions: #1: ObjectId: 1.3.6.1.4.1.311.21.1 Criticality=false 0000: 02 01 00... #2: ObjectId: 2.5.29.19 Criticality=true BasicConstraints:[ CA:true PhLen:2147483647 #3: ObjectId: 2.5.29.15 Criticality=false KeyUsage [ DigitalSignure Key_CertSign Crl_Sign #4: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: A9 C7 8E 26 9C F5 37 0A E6 5A 15 36 26 D4 A2 06...&..7..Z.6&... 0010: 6A C8 79 2C j.y, Trust this certifice? [no: yes Certifice was added to keystore 11 단계 ID 키저장소 ( 예 : self2.jks) 및트러스트키저장소 ( 예 : root.jks) 를.../samples/bin 폴더에복사합니다. pxgrid 클라이언트및 ISE pxgrid 노드테스트 샘플 pxgrid 스크립트인 register.sh 및 session_download.sh 는 pxgrid 클라이언트연결및 pxgrid 등록을확인하기위해실행됩니다. 세션다운로드는 ISE MNT 인증서및 pxgrid 클라이언트에문제가없는지확인합니다. 12 페이지

1 단계 pxgrid 클라이언트등록./register.sh -keystorefilename self2.jks -keystorepassword cisco123 -truststorefilename root.jks - truststorepassword cisco123 -group Session -description test -hostname 10.0.0.96 -username JohnMACbook ------- properties ------- version=1.0.0 hostnames=10.0.0.96 username=johnmacbook descriptipon=test keystorefilename=self2.jks keystorepassword=cisco123 truststorefilename=root.jks truststorepassword=cisco123 -------------------------- registering... connecting... connected. done registering. connection closed 2 단계세션다운로드실행./session_download.sh -keystorefilename self2.jks -keystorepassword cisco123 -truststorefilename root.jks - truststorepassword cisco123 -hostname 10.0.0.96 -username JohnMACbook ------- properties ------- version=1.0.0 hostnames=10.0.0.96 username=johnmacbook keystorefilename=self2.jks keystorepassword=cisco123 truststorefilename=root.jks truststorepassword=cisco123 filter=null start=null end=null -------------------------- connecting... connected. starting Wed Dec 10 09:55:36 PST 2014... session (ip=10.0.0.18, Audit Session Id=0A0000020000000B006E1086, User Name=jeppich, AD User DNS Domain=lab6.com, AD Host DNS Domain=null, AD User NetBIOS Name=LAB6, AD Host NETBIOS Name=null, Calling stion id=00:0c:29:d1:8d:90, Session ste= STARTED, Epsstus=null, Security Group=null, Endpoint Profile=VMWare-Device, NAS IP=10.0.0.2, NAS Port=GigabitEthernet1/0/15, RADIUSAVPairs=[ Acct-Session- Id=00000002, Posture Stus=null, Posture Timestamp=, Session Last Upde Time=Wed Dec 10 08:27:59 PST 2014 )... ending : Wed Dec 10 09:55:36 PST 2014 --------------------------------------------------- downloaded 1 sessions in 100 milliseconds --------------------------------------------------- connection closed 13 페이지

키저장소항목보기 키저장소항목을확인하여 ID 및트러스트키저장소의트러스트된인증서항목을볼수있습니다. keytool -list -v -keystore self2.jks Enter keystore password: Keystore type: JKS Keystore provider: SUN Your keystore contains 2 entries Alias name: isecert Creion de: Dec 10, 2014 Entry type: trustedcertentry Owner: CN=ise.lab6.com Issuer: CN=ise.lab6.com Serial number: 548502f500000000ec27e53c1dd64f46 Valid from: Sun Dec 07 17:46:29 PST 2014 until: Mon Dec 07 17:46:29 PST 2015 Certifice fingerprints: MD5: 04:7D:67:04:EC:D2:F5:BC:DC:79:4D:0A:FF:62:09:FD SHA1: 5A:7B:02:E4:07:A1:D2:0B:7D:A5:AE:83:27:3B:E7:33:33:30:1E:32 SHA256: C4:21:6C:6F:5B:06:F3:2C:D7:26:35:CB:BE:2B:1B:FF:0E:EE:09:91:F6:B6:54:0C:6F:63:CB:43:1F:77:F2:37 Signure algorithm name: SHA1withRSA Version: 3 Extensions: #1: ObjectId: 2.5.29.19 Criticality=false BasicConstraints:[ CA:true PhLen:2147483647 #2: ObjectId: 2.5.29.37 Criticality=false ExtendedKeyUsages [ serverauth clientauth #3: ObjectId: 2.5.29.15 Criticality=false KeyUsage [ DigitalSignure Key_Encipherment Key_Agreement Key_CertSign #4: ObjectId: 2.16.840.1.113730.1.1 Criticality=false NetscapeCertType [ SSL server #5: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: C4 F3 1A 9E 7B 1B 14 4F 51 9E A4 88 33 07 7A AC...OQ...3.z. 0010: 75 37 36 D4 u76. ******************************************* ******************************************* 14 페이지

Alias name: 1 Creion de: Dec 10, 2014 Entry type: PriveKeyEntry Certifice chain length: 2 Certifice[1: Owner: O=Internet Widgits Pty Ltd, ST=Some-Ste, C=AU Issuer: CN=lab6-WIN-BG7GPQ053ID-CA, DC=lab6, DC=com Serial number: 6105dce600000000000a Valid from: Wed Dec 10 09:01:44 PST 2014 until: S Dec 10 09:11:44 PST 2016 Certifice fingerprints: MD5: 76:3E:43:48:A7:FD:2C:5B:A3:FD:76:3F:6E:DF:2D:B8 SHA1: A9:E4:66:D9:34:C6:62:67:2B:C0:AF:E1:68:83:EA:36:3D:2A:23:CC SHA256: 0E:D8:04:30:39:3E:0B:06:D5:3E:29:94:ED:C7:76:7A:5E:27:1C:14:CF:CD:1E:4D:10:AF:22:A7:54:E5:52:7B Signure algorithm name: SHA256withRSA Version: 3 Extensions: #1: ObjectId: 1.2.840.113549.1.9.15 Criticality=false 0000: 30 35 30 0E 06 08 2A 86 48 86 F7 0D 03 02 02 02 050...*.H... 0010: 00 80 30 0E 06 08 2A 86 48 86 F7 0D 03 04 02 02..0...*.H... 0020: 00 80 30 07 06 05 2B 0E 03 02 07 30 0A 06 08 2A..0...+...0...* 0030: 86 48 86 F7 0D 03 07.H... #2: ObjectId: 1.3.6.1.4.1.311.21.10 Criticality=false 0000: 30 32 30 0A 06 08 2B 06 01 05 05 07 03 01 30 0A 020...+...0. 0010: 06 08 2B 06 01 05 05 07 03 02 30 0A 06 08 2B 06..+...0...+. 0020: 01 05 05 07 03 04 30 0C 06 0A 2B 06 01 04 01 82...0...+... 0030: 37 0A 03 04 7... #3: ObjectId: 1.3.6.1.4.1.311.21.7 Criticality=false 0000: 30 2D 06 25 2B 06 01 04 01 82 37 15 08 DC FD 1A 0-.%+...7... 0010: 87 CB EB 79 81 89 9D 2D 86 E6 FC 53 86 82 A1 38...y...-...S...8 0020: 5E 86 D1 B8 23 85 FC EF 40 02 01 64 02 01 03 ^...#...@..d... #4: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false AuthorityInfoAccess [ [ accessmethod: caissuers accesslocion: URIName: ldap:///cn=lab6-win-bg7gpq053id- CA,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configurion,DC=lab6,DC=com?cACertifice?base?objectC lass=certificionauthority #5: ObjectId: 2.5.29.35 Criticality=false AuthorityKeyIdentifier [ KeyIdentifier [ 0000: A9 C7 8E 26 9C F5 37 0A E6 5A 15 36 26 D4 A2 06...&..7..Z.6&... 0010: 6A C8 79 2C j.y, #6: ObjectId: 2.5.29.31 Criticality=false CRLDistributionPoints [ [DistributionPoint: [URIName: ldap:///cn=lab6-win-bg7gpq053id-ca,cn=win- BG7GPQ053ID,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configurion,DC=lab6,DC=com?certificeRevoca tionlist?base?objectclass=crldistributionpoint #7: ObjectId: 2.5.29.32 Criticality=false CertificePolicies [ [CertificePolicyId: [2.5.29.32.0 [ 15 페이지

#8: ObjectId: 2.5.29.37 Criticality=false ExtendedKeyUsages [ serverauth clientauth emailprotection 1.3.6.1.4.1.311.10.3.4 #9: ObjectId: 2.5.29.15 Criticality=true KeyUsage [ DigitalSignure Key_Encipherment #10: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: 36 E2 1A 09 D1 51 72 4D C3 6A 18 C1 C4 EB AE B5 6...QrM.j... 0010: E4 48 39 4E.H9N Certifice[2: Owner: CN=lab6-WIN-BG7GPQ053ID-CA, DC=lab6, DC=com Issuer: CN=lab6-WIN-BG7GPQ053ID-CA, DC=lab6, DC=com Serial number: 448a6d6486c91cb14c6888c127d16c4e Valid from: Thu Nov 13 17:47:06 PST 2014 until: Wed Nov 13 17:57:06 PST 2019 Certifice fingerprints: MD5: 41:10:8A:F5:36:76:79:9C:2C:00:03:47:55:F8:CF:7B SHA1: 9D:DA:06:AF:06:3F:8F:5E:84:C7:F4:58:50:95:03:22:64:48:96:9F SHA256: DB:28:50:D6:47:CA:C0:6A:E9:7B:87:B4:0E:9C:3A:C1:A2:61:EA:D1:29:8B:45:B4:76:4B:DA:2A:F1:D8:E0:A3 Signure algorithm name: SHA256withRSA Version: 3 Extensions: #1: ObjectId: 1.3.6.1.4.1.311.21.1 Criticality=false 0000: 02 01 00... #2: ObjectId: 2.5.29.19 Criticality=true BasicConstraints:[ CA:true PhLen:2147483647 #3: ObjectId: 2.5.29.15 Criticality=false KeyUsage [ DigitalSignure Key_CertSign Crl_Sign #4: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: A9 C7 8E 26 9C F5 37 0A E6 5A 15 36 26 D4 A2 06...&..7..Z.6&... 0010: 6A C8 79 2C j.y, ******************************************* ******************************************* keytool -list -v -keystore root.jks Enter keystore password: Keystore type: JKS 16 페이지

Keystore provider: SUN Your keystore contains 2 entries Alias name: root Creion de: Dec 10, 2014 Entry type: trustedcertentry Owner: CN=lab6-WIN-BG7GPQ053ID-CA, DC=lab6, DC=com Issuer: CN=lab6-WIN-BG7GPQ053ID-CA, DC=lab6, DC=com Serial number: 448a6d6486c91cb14c6888c127d16c4e Valid from: Thu Nov 13 17:47:06 PST 2014 until: Wed Nov 13 17:57:06 PST 2019 Certifice fingerprints: MD5: 41:10:8A:F5:36:76:79:9C:2C:00:03:47:55:F8:CF:7B SHA1: 9D:DA:06:AF:06:3F:8F:5E:84:C7:F4:58:50:95:03:22:64:48:96:9F SHA256: DB:28:50:D6:47:CA:C0:6A:E9:7B:87:B4:0E:9C:3A:C1:A2:61:EA:D1:29:8B:45:B4:76:4B:DA:2A:F1:D8:E0:A3 Signure algorithm name: SHA256withRSA Version: 3 Extensions: #1: ObjectId: 1.3.6.1.4.1.311.21.1 Criticality=false 0000: 02 01 00... #2: ObjectId: 2.5.29.19 Criticality=true BasicConstraints:[ CA:true PhLen:2147483647 #3: ObjectId: 2.5.29.15 Criticality=false KeyUsage [ DigitalSignure Key_CertSign Crl_Sign #4: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: A9 C7 8E 26 9C F5 37 0A E6 5A 15 36 26 D4 A2 06...&..7..Z.6&... 0010: 6A C8 79 2C j.y, ******************************************* ******************************************* Alias name: mnt Creion de: Dec 10, 2014 Entry type: trustedcertentry Owner: CN=ise.lab6.com Issuer: CN=ise.lab6.com Serial number: 548502f500000000ec27e53c1dd64f46 Valid from: Sun Dec 07 17:46:29 PST 2014 until: Mon Dec 07 17:46:29 PST 2015 Certifice fingerprints: MD5: 04:7D:67:04:EC:D2:F5:BC:DC:79:4D:0A:FF:62:09:FD SHA1: 5A:7B:02:E4:07:A1:D2:0B:7D:A5:AE:83:27:3B:E7:33:33:30:1E:32 SHA256: C4:21:6C:6F:5B:06:F3:2C:D7:26:35:CB:BE:2B:1B:FF:0E:EE:09:91:F6:B6:54:0C:6F:63:CB:43:1F:77:F2:37 Signure algorithm name: SHA1withRSA Version: 3 Extensions: 17 페이지

#1: ObjectId: 2.5.29.19 Criticality=false BasicConstraints:[ CA:true PhLen:2147483647 #2: ObjectId: 2.5.29.37 Criticality=false ExtendedKeyUsages [ serverauth clientauth #3: ObjectId: 2.5.29.15 Criticality=false KeyUsage [ DigitalSignure Key_Encipherment Key_Agreement Key_CertSign #4: ObjectId: 2.16.840.1.113730.1.1 Criticality=false NetscapeCertType [ SSL server #5: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: C4 F3 1A 9E 7B 1B 14 4F 51 9E A4 88 33 07 7A AC...OQ...3.z. 0010: 75 37 36 D4 u76. ******************************************* ******************************************* 문제해결 이섹션에서는트러블슈팅에대한정보를제공합니다. pxgrid 클라이언트호스트이름및 ISE pxgrid 가 DNS 를통해확인가능한지파악하여 pxgrid 스크립팅오류메시지를방지합니다. 트러스트저장소가변경되고유사한오류메시지가표시될경우, ISE VM 에서 ISE 애플리케이션을중지하고다시시작합니다. 18 페이지

./register.sh -keystorefilename self1.jks -keysrepassword cisco123 -truststorefilename root1.jks - truststorepassword cisco123 -username pxgridclient -hostname 10.0.0.96 -group Session -description test1 ------- properties ------- version=1.0.0 hostnames=10.0.0.96 username=pxgridclient descriptipon=test1 keystorefilename=self1.jks keystorepassword=cisco123 truststorefilename=root1.jks truststorepassword=cisco123 -------------------------- registering... connecting... javax.net.ssl.sslhandshakeexception: Received fal alert: unknown_ca sun.security.ssl.alerts.getsslexception(alerts.java:192) sun.security.ssl.alerts.getsslexception(alerts.java:154) sun.security.ssl.sslsocketimpl.recvalert(sslsocketimpl.java:1991) sun.security.ssl.sslsocketimpl.readrecord(sslsocketimpl.java:1104) sun.security.ssl.sslsocketimpl.performinitialhandshake(sslsocketimpl.java:1343) sun.security.ssl.sslsocketimpl.starthandshake(sslsocketimpl.java:1371) sun.security.ssl.sslsocketimpl.starthandshake(sslsocketimpl.java:1355) org.jivesoftware.smack.xmppconnection.proceedtlsreceived(xmppconnection.java:806) org.jivesoftware.smack.packetreader.parsepackets(packetreader.java:267) org.jivesoftware.smack.packetreader.access$000(packetreader.java:43) org.jivesoftware.smack.packetreader$1.run(packetreader.java:70) Exception in thread "main" com.cisco.pxgrid.gclexception: SASL authenticion failed: com.cisco.pxgrid.gridconnection.connect(gridconnection.java:197) com.cisco.pxgrid.samples.ise.register.main(register.java:99) Caused by: SASL authenticion failed: org.jivesoftware.smack.saslauthenticion.authentice(saslauthenticion.java:281) org.jivesoftware.smack.xmppconnection.login(xmppconnection.java:206) com.cisco.pxgrid.configurion.connect(configurion.java:194) com.cisco.pxgrid.gridconnection.connect(gridconnection.java:134)... 1 more ISE 서비스다시시작 applicion stop ise applicion start ise pxgrid 프로세스가초기화중인지확인합니다. sh applicion stus ise 유사한오류메시지가표시되면루트인증서를 truststorefilename 키저장소 ( 이예에서는 root3.jks) 에추가해야합니다../register.sh -keystorefilename pxgridclient.jks -keystorepassword cisco123 -truststorefilename root3.jks - truststorepassword cisco123 -group Session -description MACBOOK -username Macbook_PRO -hostname 10.0.0.96 ------- properties ------- version=1.0.0 hostnames=10.0.0.96 username=macbook_pro descriptipon=macbook keystorefilename=pxgridclient.jks keystorepassword=cisco123 19 페이지

truststorefilename=root3.jks truststorepassword=cisco123 -------------------------- registering... connecting... javax.net.ssl.sslhandshakeexception: java.security.cert.certificeexception: root certifice not trusted of [ise.lab6.com sun.security.ssl.alerts.getsslexception(alerts.java:192) sun.security.ssl.sslsocketimpl.fal(sslsocketimpl.java:1917) sun.security.ssl.handshaker.false(handshaker.java:301) sun.security.ssl.handshaker.false(handshaker.java:295) sun.security.ssl.clienthandshaker.servercertifice(clienthandshaker.java:1471) sun.security.ssl.clienthandshaker.processmessage(clienthandshaker.java:212) sun.security.ssl.handshaker.processloop(handshaker.java:936) sun.security.ssl.handshaker.process_record(handshaker.java:871) sun.security.ssl.sslsocketimpl.readrecord(sslsocketimpl.java:1043) sun.security.ssl.sslsocketimpl.performinitialhandshake(sslsocketimpl.java:1343) sun.security.ssl.sslsocketimpl.starthandshake(sslsocketimpl.java:1371) sun.security.ssl.sslsocketimpl.starthandshake(sslsocketimpl.java:1355) org.jivesoftware.smack.xmppconnection.proceedtlsreceived(xmppconnection.java:806) org.jivesoftware.smack.packetreader.parsepackets(packetreader.java:267) org.jivesoftware.smack.packetreader.access$000(packetreader.java:43) org.jivesoftware.smack.packetreader$1.run(packetreader.java:70) Caused by: java.security.cert.certificeexception: root certifice not trusted of [ise.lab6.com org.jivesoftware.smack.servertrustmanager.checkservertrusted(servertrustmanager.java:144) sun.security.ssl.abstracttrustmanagerwrapper.checkservertrusted(sslcontextimpl.java:865) sun.security.ssl.clienthandshaker.servercertifice(clienthandshaker.java:1453)... 11 more 아래와같은오류메시지가표시되면 pxgrid 클라이언트및 ISE pxgrid FQDN 이름이 DNS 를통해확인가능한지파악합니다../session_download.sh -keystorefilename jeppich.jks -keystorepassword cisco123 -truststorefilename trust007.jks -truststorepassword cisco123 -hostname 10.0.0.96 -username mac2 ------- properties ------- version=1.0.0 hostnames=10.0.0.96 username=mac2 keystorefilename=jeppich.jks keystorepassword=cisco123 truststorefilename=trust007.jks truststorepassword=cisco123 filter=null start=null end=null -------------------------- connecting... connected. 20:18:07.181 [main WARN o.a.cxf.phase.phaseinterceptorchain - Interceptor for {https://ise.lab6.com/pxgrid/mnt/sd}webclient has thrown exception, unwinding now org.apache.cxf.interceptor.fault: Could not send Message. org.apache.cxf.interceptor.messagesenderinterceptor$messagesenderendinginterceptor.handlemessage(messagesen derinterceptor.java:64) ~[cxf-api-2.7.3.jar:2.7.3 org.apache.cxf.phase.phaseinterceptorchain.dointercept(phaseinterceptorchain.java:271) ~[cxfapi-2.7.3.jar:2.7.3 org.apache.cxf.jaxrs.client.abstractclient.doruninterceptorchain(abstractclient.java:581) [cxfrt-frontend-jaxrs-2.7.3.jar:2.7.3 org.apache.cxf.jaxrs.client.webclient.dochainedinvocion(webclient.java:904) [cxf-rt-frontendjaxrs-2.7.3.jar:2.7.3 org.apache.cxf.jaxrs.client.webclient.doinvoke(webclient.java:772) [cxf-rt-frontend-jaxrs- 2.7.3.jar:2.7.3 org.apache.cxf.jaxrs.client.webclient.doinvoke(webclient.java:759) [cxf-rt-frontend-jaxrs- 2.7.3.jar:2.7.3 20 페이지

org.apache.cxf.jaxrs.client.webclient.invoke(webclient.java:355) [cxf-rt-frontend-jaxrs- 2.7.3.jar:2.7.3 org.apache.cxf.jaxrs.client.webclient.post(webclient.java:381) [cxf-rt-frontend-jaxrs- 2.7.3.jar:2.7.3 com.cisco.pxgrid.stub.identity.impl.sessioniterorimpl.open(sessioniterorimpl.java:128) [pxgrid-identity-client-stub-1.0.0.jar:1.0.0 com.cisco.pxgrid.samples.ise.sessiondownload.main(sessiondownload.java:132) [pxgrid-sdk- 1.0.0.jar:1.0.0 Caused by: java.net.unknownhostexception: UnknownHostException invoking https://ise.lab6.com/pxgrid/mnt/sd/getsessionlistbytime: ise.lab6.com sun.reflect.niveconstructoraccessorimpl.newinstance0(nive Method) ~[na:1.8.0_25 sun.reflect.niveconstructoraccessorimpl.newinstance(niveconstructoraccessorimpl.java:62) ~[na:1.8.0_25 sun.reflect.delegingconstructoraccessorimpl.newinstance(delegingconstructoraccessorimpl.java:45) ~[na:1.8.0_25 java.lang.reflect.constructor.newinstance(constructor.java:408) ~[na:1.8.0_25 org.apache.cxf.transport.http.httpconduit$wrappedoutputstream.mapexception(httpconduit.java:1338) ~[cxf-rttransports-http-2.7.3.jar:2.7.3 org.apache.cxf.transport.http.httpconduit$wrappedoutputstream.close(httpconduit.java:1322) ~[cxf-rt-transports-http-2.7.3.jar:2.7.3 org.apache.cxf.transport.abstractconduit.close(abstractconduit.java:56) ~[cxf-api- 2.7.3.jar:2.7.3 org.apache.cxf.transport.http.httpconduit.close(httpconduit.java:622) ~[cxf-rt-transports-http- 2.7.3.jar:2.7.3 org.apache.cxf.interceptor.messagesenderinterceptor$messagesenderendinginterceptor.handlemessage(messagesen derinterceptor.java:62) ~[cxf-api-2.7.3.jar:2.7.3... 9 common frames omitted Caused by: java.net.unknownhostexception: ise.lab6.com java.net.abstractplainsocketimpl.connect(abstractplainsocketimpl.java:184) ~[na:1.8.0_25 java.net.sockssocketimpl.connect(sockssocketimpl.java:392) ~[na:1.8.0_25 java.net.socket.connect(socket.java:589) ~[na:1.8.0_25 sun.security.ssl.sslsocketimpl.connect(sslsocketimpl.java:649) ~[na:1.8.0_25 sun.net.networkclient.doconnect(networkclient.java:175) ~[na:1.8.0_25 sun.net.www.http.httpclient.openserver(httpclient.java:432) ~[na:1.8.0_25 sun.net.www.http.httpclient.openserver(httpclient.java:527) ~[na:1.8.0_25 sun.net.www.protocol.https.httpsclient.<init>(httpsclient.java:275) ~[na:1.8.0_25 sun.net.www.protocol.https.httpsclient.new(httpsclient.java:371) ~[na:1.8.0_25 sun.net.www.protocol.https.abstractdelegehttpsurlconnection.getnewhttpclient(abstractdelegehttpsurlconn ection.java:191) ~[na:1.8.0_25 sun.net.www.protocol.http.httpurlconnection.plainconnect0(httpurlconnection.java:1103) ~[na:1.8.0_25 sun.net.www.protocol.http.httpurlconnection.plainconnect(httpurlconnection.java:997) ~[na:1.8.0_25 sun.net.www.protocol.https.abstractdelegehttpsurlconnection.connect(abstractdelegehttpsurlconnection.ja va:177) ~[na:1.8.0_25 sun.net.www.protocol.http.httpurlconnection.getoutputstream0(httpurlconnection.java:1281) ~[na:1.8.0_25 sun.net.www.protocol.http.httpurlconnection.getoutputstream(httpurlconnection.java:1256) ~[na:1.8.0_25 sun.net.www.protocol.https.httpsurlconnectionimpl.getoutputstream(httpsurlconnectionimpl.java:250) ~[na:1.8.0_25 org.apache.cxf.transport.http.urlconnectionhttpconduit$urlconnectionwrappedoutputstream.setupwrappedstream( URLConnectionHTTPConduit.java:170) ~[cxf-rt-transports-http-2.7.3.jar:2.7.3 org.apache.cxf.transport.http.httpconduit$wrappedoutputstream.handleheaderstrustcaching(httpconduit.java:12 82) ~[cxf-rt-transports-http-2.7.3.jar:2.7.3 org.apache.cxf.transport.http.httpconduit$wrappedoutputstream.onfirstwrite(httpconduit.java:1233) ~[cxf-rttransports-http-2.7.3.jar:2.7.3 21 페이지

org.apache.cxf.transport.http.urlconnectionhttpconduit$urlconnectionwrappedoutputstream.onfirstwrite(urlcon nectionhttpconduit.java:183) ~[cxf-rt-transports-http-2.7.3.jar:2.7.3 org.apache.cxf.io.abstractwrappedoutputstream.write(abstractwrappedoutputstream.java:47) ~[cxfapi-2.7.3.jar:2.7.3 org.apache.cxf.io.abstractthresholdoutputstream.write(abstractthresholdoutputstream.java:69) ~[cxf-api-2.7.3.jar:2.7.3 org.apache.cxf.transport.http.httpconduit$wrappedoutputstream.close(httpconduit.java:1295) ~[cxf-rt-transports-http-2.7.3.jar:2.7.3... 12 common frames omitted 20:18:07.185 [main WARN c.c.p.s.i.impl.sessioniterorimpl - unsuccessful tempt made to session directory ise.lab6.com javax.ws.rs.client.clientexception: javax.ws.rs.client.clientexception: org.apache.cxf.interceptor.fault: Could not send Message. org.apache.cxf.jaxrs.client.webclient.doresponse(webclient.java:946) ~[cxf-rt-frontend-jaxrs- 2.7.3.jar:2.7.3 org.apache.cxf.jaxrs.client.webclient.dochainedinvocion(webclient.java:905) ~[cxf-rt-frontendjaxrs-2.7.3.jar:2.7.3 org.apache.cxf.jaxrs.client.webclient.doinvoke(webclient.java:772) ~[cxf-rt-frontend-jaxrs- 2.7.3.jar:2.7.3 org.apache.cxf.jaxrs.client.webclient.doinvoke(webclient.java:759) ~[cxf-rt-frontend-jaxrs- 2.7.3.jar:2.7.3 org.apache.cxf.jaxrs.client.webclient.invoke(webclient.java:355) ~[cxf-rt-frontend-jaxrs- 2.7.3.jar:2.7.3 org.apache.cxf.jaxrs.client.webclient.post(webclient.java:381) ~[cxf-rt-frontend-jaxrs- 2.7.3.jar:2.7.3 com.cisco.pxgrid.stub.identity.impl.sessioniterorimpl.open(sessioniterorimpl.java:128) ~[pxgrid-identity-client-stub-1.0.0.jar:1.0.0 com.cisco.pxgrid.samples.ise.sessiondownload.main(sessiondownload.java:132) [pxgrid-sdk- 1.0.0.jar:1.0.0 Caused by: javax.ws.rs.client.clientexception: org.apache.cxf.interceptor.fault: Could not send Message. org.apache.cxf.jaxrs.client.abstractclient.checkclientexception(abstractclient.java:522) ~[cxfrt-frontend-jaxrs-2.7.3.jar:2.7.3 org.apache.cxf.jaxrs.client.abstractclient.preprocessresult(abstractclient.java:508) ~[cxf-rtfrontend-jaxrs-2.7.3.jar:2.7.3 org.apache.cxf.jaxrs.client.webclient.doresponse(webclient.java:941) ~[cxf-rt-frontend-jaxrs- 2.7.3.jar:2.7.3... 7 common frames omitted Caused by: org.apache.cxf.interceptor.fault: Could not send Message. org.apache.cxf.interceptor.messagesenderinterceptor$messagesenderendinginterceptor.handlemessage(messagesen derinterceptor.java:64) ~[cxf-api-2.7.3.jar:2.7.3 org.apache.cxf.phase.phaseinterceptorchain.dointercept(phaseinterceptorchain.java:271) ~[cxfapi-2.7.3.jar:2.7.3 org.apache.cxf.jaxrs.client.abstractclient.doruninterceptorchain(abstractclient.java:581) ~[cxfrt-frontend-jaxrs-2.7.3.jar:2.7.3 org.apache.cxf.jaxrs.client.webclient.dochainedinvocion(webclient.java:904) ~[cxf-rt-frontendjaxrs-2.7.3.jar:2.7.3... 6 common frames omitted Caused by: java.net.unknownhostexception: UnknownHostException invoking https://ise.lab6.com/pxgrid/mnt/sd/getsessionlistbytime: ise.lab6.com sun.reflect.niveconstructoraccessorimpl.newinstance0(nive Method) ~[na:1.8.0_25 sun.reflect.niveconstructoraccessorimpl.newinstance(niveconstructoraccessorimpl.java:62) ~[na:1.8.0_25 sun.reflect.delegingconstructoraccessorimpl.newinstance(delegingconstructoraccessorimpl.java:45) ~[na:1.8.0_25 java.lang.reflect.constructor.newinstance(constructor.java:408) ~[na:1.8.0_25 org.apache.cxf.transport.http.httpconduit$wrappedoutputstream.mapexception(httpconduit.java:1338) ~[cxf-rttransports-http-2.7.3.jar:2.7.3 org.apache.cxf.transport.http.httpconduit$wrappedoutputstream.close(httpconduit.java:1322) ~[cxf-rt-transports-http-2.7.3.jar:2.7.3 org.apache.cxf.transport.abstractconduit.close(abstractconduit.java:56) ~[cxf-api- 2.7.3.jar:2.7.3 org.apache.cxf.transport.http.httpconduit.close(httpconduit.java:622) ~[cxf-rt-transports-http- 2.7.3.jar:2.7.3 22 페이지

org.apache.cxf.interceptor.messagesenderinterceptor$messagesenderendinginterceptor.handlemessage(messagesen derinterceptor.java:62) ~[cxf-api-2.7.3.jar:2.7.3... 9 common frames omitted Caused by: java.net.unknownhostexception: ise.lab6.com java.net.abstractplainsocketimpl.connect(abstractplainsocketimpl.java:184) ~[na:1.8.0_25 java.net.sockssocketimpl.connect(sockssocketimpl.java:392) ~[na:1.8.0_25 java.net.socket.connect(socket.java:589) ~[na:1.8.0_25 sun.security.ssl.sslsocketimpl.connect(sslsocketimpl.java:649) ~[na:1.8.0_25 sun.net.networkclient.doconnect(networkclient.java:175) ~[na:1.8.0_25 sun.net.www.http.httpclient.openserver(httpclient.java:432) ~[na:1.8.0_25 sun.net.www.http.httpclient.openserver(httpclient.java:527) ~[na:1.8.0_25 sun.net.www.protocol.https.httpsclient.<init>(httpsclient.java:275) ~[na:1.8.0_25 sun.net.www.protocol.https.httpsclient.new(httpsclient.java:371) ~[na:1.8.0_25 sun.net.www.protocol.https.abstractdelegehttpsurlconnection.getnewhttpclient(abstractdelegehttpsurlconn ection.java:191) ~[na:1.8.0_25 sun.net.www.protocol.http.httpurlconnection.plainconnect0(httpurlconnection.java:1103) ~[na:1.8.0_25 sun.net.www.protocol.http.httpurlconnection.plainconnect(httpurlconnection.java:997) ~[na:1.8.0_25 sun.net.www.protocol.https.abstractdelegehttpsurlconnection.connect(abstractdelegehttpsurlconnection.ja va:177) ~[na:1.8.0_25 sun.net.www.protocol.http.httpurlconnection.getoutputstream0(httpurlconnection.java:1281) ~[na:1.8.0_25 sun.net.www.protocol.http.httpurlconnection.getoutputstream(httpurlconnection.java:1256) ~[na:1.8.0_25 sun.net.www.protocol.https.httpsurlconnectionimpl.getoutputstream(httpsurlconnectionimpl.java:250) ~[na:1.8.0_25 org.apache.cxf.transport.http.urlconnectionhttpconduit$urlconnectionwrappedoutputstream.setupwrappedstream( URLConnectionHTTPConduit.java:170) ~[cxf-rt-transports-http-2.7.3.jar:2.7.3 org.apache.cxf.transport.http.httpconduit$wrappedoutputstream.handleheaderstrustcaching(httpconduit.java:12 82) ~[cxf-rt-transports-http-2.7.3.jar:2.7.3 org.apache.cxf.transport.http.httpconduit$wrappedoutputstream.onfirstwrite(httpconduit.java:1233) ~[cxf-rttransports-http-2.7.3.jar:2.7.3 org.apache.cxf.transport.http.urlconnectionhttpconduit$urlconnectionwrappedoutputstream.onfirstwrite(urlcon nectionhttpconduit.java:183) ~[cxf-rt-transports-http-2.7.3.jar:2.7.3 org.apache.cxf.io.abstractwrappedoutputstream.write(abstractwrappedoutputstream.java:47) ~[cxfapi-2.7.3.jar:2.7.3 org.apache.cxf.io.abstractthresholdoutputstream.write(abstractthresholdoutputstream.java:69) ~[cxf-api-2.7.3.jar:2.7.3 org.apache.cxf.transport.http.httpconduit$wrappedoutputstream.close(httpconduit.java:1295) ~[cxf-rt-transports-http-2.7.3.jar:2.7.3... 12 common frames omitted Exception in thread "main" java.io.ioexception: unsuccessful tempts made to all session directories com.cisco.pxgrid.stub.identity.impl.sessioniterorimpl.open(sessioniterorimpl.java:148) com.cisco.pxgrid.samples.ise.sessiondownload.main(sessiondownload.java:132) 23 페이지

2024 © docsplayer.org 개인정보보호 | 약관 | 지원