download ssl certificate

download ssl ipaddress certificate cert_file

Description

Permits downloading of a certificate key from files stored in a TFTP server.

Syntax Description

ipaddress Specifies the IP address of the TFTP server.
cert_file Specifies the name of the certificate key.

Default

N/A.

Usage Guidelines

If the download operation is successful, any existing certificate is overwritten. After a successful download, the software attempts to match the public key in the certificate against the private key stored. If the private and public keys do not match, the switch displays a warning message similar to the following: Warning: The Private Key does not match with the Public Key in the certificate. This warning acts as a reminder to also download the private key.

Note

Note

You can only download a certificate key in the VR-Mgmt virtual router.

Downloaded certificates and keys are not saved across switch reboots unless you save your current switch configuration. Once you issue the save command, the downloaded certificate is stored in the configuration file and the private key is stored in the EEPROM.

Similar to SSH2, before you can use any SSL commands, you must first download and install the separate Extreme Networks SSH software module (ssh.xmod). This additional module allows you to configure both SSH2 and SSL on the switch. SSL is packaged with the SSH module; therefore, if you do not install the module, you are unable to configure SSL. If you try to execute SSL commands without installing the module first, the switch notifies you to download and install the module. To install the module, see the instructions in Software Upgrade and Boot Options.

You can purchase and obtain SSL certificates from Internet security vendors.

Remote IP Address Character Restrictions

This section provides information about the characters supported by the switch for remote IP addresses.

When specifying a remote IP address, the switch permits only the following characters:
  • Alphabetical letters, upper case and lower case (A-Z, a-z).
  • Numerals (0-9).
  • Period ( . ).
  • Colon ( : ).

When configuring an IP address for your network server, remember the requirements listed above.

Remote Filename Character Restrictions

This section provides information about the characters supported by the switch for remote filenames.

When specifying a remote filename, the switch permits only the following characters:
  • Alphabetical letters, upper case and lower case (A-Z, a-z).
  • Numerals (0-9).
  • Period ( . ).
  • Dash ( - ).
  • Underscore ( _ ).
  • Slash ( / ).

When naming a remote file, remember the requirements listed above.

Example

The following command downloads a certificate from a TFTP server with the IP address of 123.45.6.78:
download ssl 123.45.6.78 certificate g0ethner1

History

This command was first available in the ExtremeXOS 11.2 and supported with the SSH module.

Platform Availability

This command is available on all platforms.