After any change to the PKI Hub cluster 1 configuration, perform the steps below to restore PKI Hub cluster 1 configuration on PKI Hub cluster 2.

To restore the PKI Hub 1 configuration on PKI Hub 2

1. Run the clusterctl backup create command on any node of PKI Hub cluster 1.
2. Copy the generated file to PKI Hub cluster 2.
3. Use this file to run the clusterctl backup restore on any node of PKI Hub cluster 2. 
4. Export the kmdata from the nShield RFS (Remote File System) on the passive datacenter.
5. Log in to the Management Console of any node of the passive datacenter. 
6. Select the HSM tab of the Certificate Authority configuration page.
7. Export the current file in the nShield kmdata tar file field.
8. Extract the PKI Hub wrapping key from the exported file.
9. Add this PKI Hub key to the kmdata exported from the nShield RFS.
10. Click Choose File and select the modified kmdata file to update the file in the nShield kmdata tar file field.