After any change to the active cluster configuration, perform the steps below to restore this configuration on the passive cluster.

To restore the active cluster configuration on the passive one:

  1. Run the clusterctl backup create command on any node of the active cluster.
  2. Copy the generated file to any node of the passive cluster.
  3. Use this file to run the clusterctl backup restore command on the node of the passive cluster.
  4. Log in to the Management Console of the active PKI Hub cluster.
  5. Download the Certificate Authority configuration using the Export Configuration option on the Certificate Authority configuration page.

  6. Unzip the downloaded pkihub-configuration.zip file, and extract the PKI Hub wrapping key from the kmdata.tar file.
  7. Export the kmdata from the nShield RFS (Remote File System) on the passive datacenter.
  8. Add the PKI Hub wrapping key obtained from the Certificate Authority active cluster configuration (Step 6) to the kmdata exported from the nShield RFS on the passive datacenter (Step 7).
  9. Log in to the Management Console of the passive PKI Hub cluster.
  10. Select the HSM tab of the Certificate Authority configuration page and import the modified kmdata file (Step 8) to update the file in the nShield kmdata tar file field.
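
One way to carry out Steps 6 to 8 without overwriting key material that already exists on the passive side, as an added example that is not part of the product documentation. It assumes both kmdata archives are uncompressed tar files; the function names and the member names (including `key_PLACEHOLDER`) are hypothetical, and the sample archives are constructed.

```python
import hashlib, io, os, shutil, tarfile, tempfile

def add_key_to_kmdata(active_tar, passive_tar, out_tar, key_member):
    """Append key_member from the active kmdata tar to a copy of the passive one.
    Returns the SHA-256 of the key file so it can be recorded and compared."""
    with tarfile.open(active_tar, "r:") as src:
        try:
            info = src.getmember(key_member)
        except KeyError:
            raise ValueError(f"{key_member} not found in {active_tar}") from None
        if not info.isfile():
            raise ValueError(f"{key_member} is not a regular file")
        data = src.extractfile(info).read()  # read in memory, nothing unpacked to disk
    with tarfile.open(passive_tar, "r:") as dst:
        if key_member in dst.getnames():
            # Never silently replace a key file already present on the passive side.
            raise ValueError(f"{key_member} already exists in {passive_tar}")
    shutil.copyfile(passive_tar, out_tar)     # keep the RFS export untouched
    with tarfile.open(out_tar, "a:") as out:  # append mode needs an uncompressed tar
        out.addfile(info, io.BytesIO(data))
    with tarfile.open(out_tar, "r:") as chk:  # read back and verify the copy
        copied = chk.extractfile(key_member).read()
    if copied != data:
        raise RuntimeError("key file changed while being added")
    return hashlib.sha256(data).hexdigest()

def make_sample_tar(path, files):
    """Build a constructed sample tar from {member_name: bytes}."""
    with tarfile.open(path, "w:") as tar:
        for name, blob in files.items():
            ti = tarfile.TarInfo(name)
            ti.size = len(blob)
            tar.addfile(ti, io.BytesIO(blob))

def demo():
    """Run the merge on constructed archives; all member names are placeholders."""
    d = tempfile.mkdtemp()
    active, passive, merged = (os.path.join(d, n) for n in ("active.tar", "passive.tar", "merged.tar"))
    make_sample_tar(active, {"kmdata/local/world": b"A", "kmdata/local/key_PLACEHOLDER": b"wrapped-key"})
    make_sample_tar(passive, {"kmdata/local/world": b"B"})
    digest = add_key_to_kmdata(active, passive, merged, "kmdata/local/key_PLACEHOLDER")
    with tarfile.open(merged, "r:") as t:
        return digest, sorted(t.getnames())
```

The returned digest can be compared with a hash of the key file taken on the active side before the merged archive is imported in Step 10.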