Security
ExtremeWare XOS 11.3 Concepts Guide
342
This command also displays:
â—Ź HTTPS port configured. This is the port on which the clients will connect.
â—Ź Length of the RSA key (the number of bits used to generate the private key).
â—Ź Basic information about the stored certificate.
Downloading a Private Key from a TFTP Server
To download a private key from files stored in a TFTP server, use the following command:
download ssl <ip_address> privkey <key file>
If the operation is successful, the existing private key is overwritten. After the download is successful, a
check is performed to find out whether the private key downloaded matches the public key stored in
the certificate. If the private and public keys do not match, the switch displays a warning message
similar to the following:
Warning: The Private Key does not match with the Public Key in
the certificate
. This warning acts as a reminder to also download the corresponding certificate.
For security reasons, when downloading private keys, Extreme Networks recommends obtaining a pre-
generated key rather than downloading a private key from a TFTP server. See “Configuring Pre-
generated Certificates and Keys” on page 342 for more information.
Downloaded certificates and keys are not saved across switch reboots unless you save your current
switch configuration. Once you issue the
save command, the downloaded certificate is stored in the
configuration file and the private key is stored in the EEPROM.
Configuring Pre-generated Certificates and Keys
To get the pre-generated certificate from the user, use the following command:
configure ssl certificate pregenerated
You can copy and paste the certificate into the command line followed by a blank line to end the
command.
This command is also used when downloading or uploading the configuration. Do not modify the
certificate stored in the uploaded configuration file because the certificate is signed using the issuer’s
private key.
The certificate and private key file should be in PEM format and generated using RSA as the
cryptography algorithm.
To get the pre-generated private key from the user, use the following command:
configure ssl privkey pregenerated
You can copy and paste the key into the command line followed by a blank line to end the command.
This command is also used when downloading or uploading the configuration. The private key is
stored in the EEPROM.
The certificate and private key file should be in PEM format and generated using RSA as the
cryptography algorithm.
To Next Page
Loading...
Need help?
General
