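A Blue Coat archived configuration contains the passwords stored on the appliance, such as those for login accounts, FTP, RADIUS and LDAP. These passwords are encrypted inside the archived configuration file, so when the configuration is imported into an appliance with a different key/certificate (for example a brand-new appliance running the same OS version), the passwords cannot be recognized and the import fails.
The fix is simple: export the certificate from the original appliance and import it into the appliance on which the configuration is to be restored.
The procedure is as follows:
1 Back up the original key
Log in to the CLI, enter configuration mode, and back up the key.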
ProxySG>enable
Enable Password:
ProxySG#config t
Enter configuration commands, one per line. End with CTRL-Z.
ProxySG#(config)ssl
ProxySG#(config ssl)view keyring
Keyring ID: configuration-passwords-key
Private key showability: show
Signing request: absent
Certificate: absent
ProxySG#(config ssl)view keypair des3 configuration-passwords-key
Encryption password: ******
Confirm encryption password: ******
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,F7764081EA599B91
-----END RSA PRIVATE KEY-----
ProxySG#(config ssl)
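Note that the ---BEGIN--- and ---END--- lines of the key must be copied in full; otherwise the import fails with an error saying the certificate cannot be recognized.
On the appliance where the configuration is to be restored, go to Configuration-SSL-Keyrings, delete the existing configuration-passwords-key keyring, create a new one with the same name, configure it as shown in the figure, and paste the backed-up key into it.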
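Because the import fails when the BEGIN or END line is incomplete, the saved `view keypair` output can be checked structurally before it is pasted into the new keyring. The Python check below is an added example, not part of the original post or of any Blue Coat tooling; the function name check_keypair_paste, the cipher table and the sample key are assumptions constructed for illustration.

```python
import base64
import binascii
import re

BEGIN = "-----BEGIN RSA PRIVATE KEY-----"
END = "-----END RSA PRIVATE KEY-----"
# Block size in bytes of ciphers used by legacy encrypted PEM (assumed list).
BLOCK = {"DES-EDE3-CBC": 8, "DES-CBC": 8, "AES-128-CBC": 16, "AES-256-CBC": 16}

def check_keypair_paste(text):
    """Return a list of structural problems in pasted `view keypair` output."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    problems = ["%s line missing, truncated or repeated" % name
                for name, marker in (("BEGIN", BEGIN), ("END", END))
                if lines.count(marker) != 1]
    if problems:
        return problems
    start, stop = lines.index(BEGIN), lines.index(END)
    if stop < start:
        return ["END line appears before BEGIN line"]
    inner = lines[start + 1:stop]
    # Header lines contain ':'; base64 body lines never do.
    headers = {k.strip(): v.strip() for k, v in
               (ln.split(":", 1) for ln in inner if ":" in ln)}
    body = "".join(ln for ln in inner if ":" not in ln)
    if headers.get("Proc-Type") != "4,ENCRYPTED":
        problems.append("Proc-Type header is not '4,ENCRYPTED'")
    cipher, _, iv = headers.get("DEK-Info", "").partition(",")
    block = BLOCK.get(cipher)
    if block is None:
        problems.append("DEK-Info cipher missing or not recognised")
    elif not re.fullmatch("[0-9A-Fa-f]{%d}" % (2 * block), iv):
        problems.append("DEK-Info IV is not %d bytes of hex" % block)
    try:
        raw = base64.b64decode(body, validate=True)
    except binascii.Error:
        problems.append("key body is not valid base64")
    else:
        if not raw or (block and len(raw) % block):
            problems.append("ciphertext is not a whole number of cipher blocks")
    return problems

# Constructed sample (not a real key): 96 dummy bytes as two 64-char lines.
SAMPLE_BODY = base64.b64encode(bytes(range(96))).decode()
SAMPLE = "\n".join([
    "ProxySG#(config ssl)view keypair des3 configuration-passwords-key", BEGIN,
    "Proc-Type: 4,ENCRYPTED", "DEK-Info: DES-EDE3-CBC,0011223344556677",
    SAMPLE_BODY[:64], SAMPLE_BODY[64:], END, "ProxySG#(config ssl)"])
print(check_keypair_paste(SAMPLE) or "paste looks complete")
```

An empty result means the paste is structurally intact, not that the encryption password is correct. A whole 64-character body line missing from a DES-EDE3-CBC key still passes these checks, so compare the line count against the original output as well.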
For more details, see Bluecoat KB2880: https://kb.bluecoat.com/index?page=content&id=KB2880