Question

How to update ssl certificate and key remotely without using management port on summit switches


How does one download ssl certificate and key from tftp server without using vr-mgmt (management port)? Is there a way to force the download to use the other virtual router? Better yet, is it possible to push the certificates and keys using Ridgeline? Some switches are overseas and management port is not connected. Only access is through regular vlan ip.
Lastly, if the certificate and key are being stored on the switch, but not being used, is it possible to import them locally?

6 replies

By default the tftp should use the vr-default. Or you can call it in the command line. Not sure about pushing from Ridgeline.
Thanks for the reply, but per ExtremeXOS Concepts guide v15.2 page 80, 'If you do not specify a virtual router, VR-Mgmt is used.' This means that the 'download ssl .....' is using the VR-Mgmt. There are no command line options with the 'download' command to change the vr that I am aware of.
Userlevel 2
http://salfarisi25.wordpress.com/2012/06/11/securing-extreme-switch-enabling-ssh2/

this may answer your questions.
Interesting read, but doesn't touch on ssl. I have ssh access to the switches, but Extreme Networks states that ssl certs and keys cannot be loaded to the switch except through the management vlan. How does everyone here have their racks set up so that access is through the management port remotely?
Userlevel 7
steven rhoads wrote:

Interesting read, but doesn't touch on ssl. I have ssh access to the switches, but Extreme Networks states that ssl certs and keys cannot be loaded to the switch except through the management vlan. How does everyone here have their racks set up so that access is through the management port remotely?

Hi Steven,
Here's another thread where management network connectivity is discussed.
https://community.extremenetworks.com/extreme/topics/how-to-connect-the-management-port-to-the-netwo...
Userlevel 5
Given your scenario you could create a key and SCP2 it directly to the switch from your command line. Here is the documentation to explain: http://documentation.extremenetworks.com/exos/EXOS_All/Security/t_use-sftp-from-an-external-ssh2-cli...

As to SSL, your only option would be to create a self-signed cert as you already found out that you can only transfer them via the vr-mgmt.
