Extreme Networks

steven_rhoads · ‎03-19-2015

How does one download ssl certificate and key from tftp server without using vr-mgmt (managment port). Is there a way to force the download to use the other virtual router? Better yet, is it possible to push the certificates and keys using ridgeline? Some switches are over seas and management port is not connected. Only access is through regular vlan ip.
Lastly, if the certificate and key have are being stored on the switch, but not being used, is it possible to import them locally?

Bill_Stritzinge · ‎03-23-2015

Given your scenario you could create a key and SCP2 it directly to the switch from your command line. Here is the documentation to explain: http://documentation.extremenetworks.com/exos/EXOS_All/Security/t_use-sftp-from-an-external-ssh2-cli...

As to SSL, your only option would be to create a self-signed cert as you already found out that you can only transfer them via the vr-mgmt.

Drew_C · ‎03-20-2015

Hi Steven,
Here's another thread where management network connectivity is discussed.
https://community.extremenetworks.com/extreme/topics/how-to-connect-the-management-port-to-the-netwo...

steven_rhoads · ‎03-20-2015

Interesting read, but doesn't touch on ssl. I have ssh access to the switches, but extreme networks states that ssl certs and keys cannot be loaded to the switch except through the management vlan. How does everyone here have their racks set up so that access is through the management port remotely?

Michael_Suggs1 · ‎03-20-2015

http://salfarisi25.wordpress.com/2012/06/11/securing-extreme-switch-enabling-ssh2/

this may answer your questions.

Extreme Networks

How to update ssl certificate and key remotely without using management port on summit switches

How to update ssl certificate and key remotely without using management port on summit switches