The pki rsa local-key-pair backup command backs up all RSA key pairs from the active device to the standby device in a batch.
| Parameter | Description | Value |
|---|---|---|
all-sys |
Backs up RSA key pairs in all systems on the active device to the standby device in a batch. If this parameter is not specified, RSA key pairs in the current system on the active device are backed up to the standby device in a batch. |
- |
Usage Scenario
In the dual-system hot backup scenarios, the RSA key pairs on the active and standby devices must be the same to ensure the proper running of certificate services in case of an active/standby switchover.
Check whether the RSA key pairs on the active device are the same as those on the standby device using the pki rsa local-key-pair match-slave command. If the RSA key pairs on the active and standby devices are different, run this command to back up all the RSA key pairs in a batch from the active device to the standby device, and all the original RSA key pairs on the standby device will be destroyed.
Precautions
This command can be executed only on the active device in the dual-system hot backup deployment.
After two firewalls are deployed in hot standby mode, run the pki rsa local-key-pair backup command. The configuration files on the active and standby firewalls are different. If this command is not executed, the key pairs and certificates created on the active firewall cannot be synchronized to the standby firewall.
# Back up all RSA key pairs from the active device to the standby device.
<sysname> system-view [sysname] pki rsa local-key-pair backup Info: Sending start info to standby device. Info: Backing up all RSA key pairs to standby device. Info: Backing up all temporary RSA key pairs to standby device. Info: Waitting for backup result. Info: RSA key pair backup succeeded.