How to update ssl certificate and key remotely without using management port on summit switches

  • Question
  • Updated 3 years ago
How does one download ssl certificate and key from tftp server without using vr-mgmt (management port)? Is there a way to force the download to use the other virtual router? Better yet, is it possible to push the certificates and keys using ridgeline? Some switches are overseas and management port is not connected. Only access is through regular vlan ip.
Lastly, if the certificate and key are being stored on the switch, but not being used, is it possible to import them locally?

steven rhoads


Posted 3 years ago


Matt Tinonga

By default the tftp should use the vr-default. Or you can call it in the command line. Not sure about pushing from ridgeline.

steven rhoads

Thanks for the reply, but per ExtremeXOS Concepts guide v15.2 page 80, 'If you do not specify a virtual router, VR-Mgmt is used.'  This means that the 'download ssl .....' is using the VR-Mgmt.  There are no command line options with the 'download' command to change the vr that I am aware of.

Michael Suggs


steven rhoads

Interesting read, but doesn't touch on ssl. I have ssh access to the switches, but extreme networks states that ssl certs and keys cannot be loaded to the switch except through the management vlan.  How does everyone here have their racks set up so that access is through the management port remotely?

Drew C., Community Manager

Hi Steven,
Here's another thread where management network connectivity is discussed.
https://community.extremenetworks.com/extreme/topics/how-to-connect-the-management-port-to-the-netwo...

Bill Stritzinger, Alum

Given your scenario you could create a key and SCP2 it directly to the switch from your command line.  Here is the documentation to explain: http://documentation.extremenetworks.com/exos/EXOS_All/Security/t_use-sftp-from-an-external-ssh2-cli...

As to SSL, your only option would be to create a self-signed cert as you already found out that you can only transfer them via the vr-mgmt.