Solutions

How to use Director to copy a keyring from one ProxySG to another, without copying over the entire configuration

Solutions ID:    KB3204
Version:    1.0
Status:    Published
Published date:    08/02/2009
 

Problem Description

This process can be done manually and requires command line access.

Resolution

Prerequisite:
in order for Director to show private keyrings, the connection between Director and the Proxy-SG has to be done over an SSH-RSA. You can check this by clicking on the device and clicking on Edit, confirm the SSH - RSA option is enabled.
 
 
Obtaining the keyring and certificates from source SG

Any keyring created with the  “show-director” option will be visible to director

  • From SGME go to the Configure tab, select the "source" Proxy SG from which the keyring is going to be copied from.
  • Right-click on Backup Manager, then on the create button
  • Click on view contents, the entire configuration settings will appear on the right hand side
  • Open notepad
  • Search for the first line of keyring you want to copy from, copy everything from that line to the last.

 

inline keyring show-director r2d2 "end-406107431-inline"
-----BEGIN RSA PRIVATE KEY-----
MIIByTCCATICAQAwYTELMAkGA1UEBhMCdXMxCjAIBgNVBAgTAWUxCjAIBgNVBAcT
                        ( ... )
MIIByTCCATICAQAwYTELMAkGA1UEBhMCdXMxCjAIBgNVBAgTAWUxCjAIBgNVBAcT
-----END RSA PRIVATE KEY-----
end-406107431-inline


inline signing-request r2d2 "end-406107431-inline"
-----BEGIN CERTIFICATE REQUEST-----
MIIByTCCATICAQAwYTELMAkGA1UEBhMCdXMxCjAIBgNVBAgTAWUxCjAIBgNVBAcT
                        ( ... )
sxRO779GBv7F0dCwnGI993crJ1vRz17nFvEUKwE=
-----END CERTIFICATE REQUEST-----
end-406107431-inline

inline certificate r2d2 "end-406107431-inline"
-----BEGIN CERTIFICATE-----
MIICOzCCAaSgAwIBAgIEGDS05jANBgkqhkiG9w0BAQQFADBiMQswCQYDVQQGEwJ1
                        ( ... )
7nFK7FUleV1lWPlALvwiqy2t+JJcg9d39cQ/EDaN4XUCq1nMfWomI7KFhQ4pC9U=
-----END CERTIFICATE-----
end-406107431-inline

 

Copy and paste all this into notepad

 

Configure the overlay:

  • On Director go to the configure tab
  • Select the target Proxy-SG you want to copy the certificate to
  • click on the Overlays tab and click on New
  • Give the overlay a name, description and select the device from the "..." button
  • In the "Add To Overlay" select "using CLI"


Type in "ssl" without the quotes, and then paste the text gathered by the steps above so that the final result looks like this:


ssl
inline keyring show-director r2d2 "end-406107431-inline"
-----BEGIN RSA PRIVATE KEY-----
MIIByTCCATICAQAwYTELMAkGA1UEBhMCdXMxCjAIBgNVBAgTAWUxCjAIBgNVBAcT
                        ( ... )
MIIByTCCATICAQAwYTELMAkGA1UEBhMCdXMxCjAIBgNVBAgTAWUxCjAIBgNVBAcT
-----END RSA PRIVATE KEY-----
end-406107431-inline


inline signing-request r2d2 "end-406107431-inline"
-----BEGIN CERTIFICATE REQUEST-----
MIIByTCCATICAQAwYTELMAkGA1UEBhMCdXMxCjAIBgNVBAgTAWUxCjAIBgNVBAcT
                        ( ... )
sxRO779GBv7F0dCwnGI993crJ1vRz17nFvEUKwE=
-----END CERTIFICATE REQUEST-----
end-406107431-inline

inline certificate r2d2 "end-406107431-inline"
-----BEGIN CERTIFICATE-----
MIICOzCCAaSgAwIBAgIEGDS05jANBgkqhkiG9w0BAQQFADBiMQswCQYDVQQGEwJ1
                        ( ... )
7nFK7FUleV1lWPlALvwiqy2t+JJcg9d39cQ/EDaN4XUCq1nMfWomI7KFhQ4pC9U=
-----END CERTIFICATE-----
end-406107431-inline
 

click on OK, and then OK
 


Copy the overlay to the target SG
 

In the Configure tab, make sure the target SG is highlighted in the Devices list
Highlight the Overlay you just created under the Overlays tab
Click on the "<< Apply" button
 
This should install the overlay on the target ProxySG
 

 


Rate this Page

Please take a moment to complete this form to help us better serve you.

Did this document help answer your question?
 
 
If you are finished providing feedback, please click the RATE CONTENT button. Otherwise, please add more detail in the following text box and then click RATE CONTENT.
 
 

Your response will be used to improve our document content.

Ask a Question