Dell Networking OS10: How to Run Certificate Update from Linux

Summary: How to use Live Linux ISO to update OS10 certificate.

Acest articol se aplică pentru Acest articol nu se aplică pentru Acest articol nu este legat de un produs specific. Acest articol nu acoperă toate versiunile de produs existente.
Consultați alte resurse

Instructions

Table of Contents

  1. Requirements to be Met
  2. Steps to Run Script from Live Linux ISO
  3. Command Summary
  4. Items to Take Note

Requirements to be Met

  • Must have Linux ISO downloaded (In this case, it is CentOS 7 KDE live ISO.)
  • Must have internet access on Linux VM
  • The switch is reachable from VM
  • Switch Sysadmin role user
  • Must not have “system-cli disable” configured

Steps to Run Script from Live Linux ISO

  1. Boot to the ISO from VMware (or another hypervisor)
Link for CentOS 7 KDE live ISO download:
 
Created VM settings with mounted ISO:
Boot into the CentOS disk:

 
  1. Right click to open Konsole.

 
  1. Run yum, install, expect, and unzip.
sudo yum install expect unzip -y
 
 
 
  1. Save file to Linux system (can transfer directly to host or download for DDL using Firefox).
scp <user>@<hostip>:</filelocation/filename> <filename>
 
 
  1. Unzip the file and run chmod to make the file executable.

unzip cert_upgrade_script-3.zip
chmod 777 cert_upgrade_script/*

 
  1. Run file to each switch IP or with host file per readme to confirm vulnerable and applied.

cd cert_upgrade_script
./cert.sh -u admin -p admin -h <IP> -c
./cert.sh -u admin -p admin -h <IP>
./cert.sh -u admin -p admin -h <IP> -c


 

  1. After executing the script, check KB article 184027: Dell Networking OS10 Certificate Expiration and Solution. for the next steps.
ALERT: Flap the VLTi or reload switch based upon KB steps for cert to take effect.
 

Command Summary

Command Explanation
sudo yum install expect unzip -y Install needed packages
cd Desktop Move the desktop directory
scp <user>@<hostip>:</filelocation/filename> <filename> Download the script to the Desktop
unzip cert_upgrade_script-3.zip Unzip the script file
chmod 777 cert_upgrade_script/* chmod to allow the .sh and folder to be read/write/execute
cd cert_upgrade_script Change to the cert directory
./cert.sh -u admin -p admin -h <IP> -c check the switch is vulnerable.
./cert.sh -u admin -p admin -h <IP> Run script to change cert
./cert.sh -u admin -p admin -h <IP> -c Check to see if switch was updated
 

Items to Take Note

  • The script does version checks for if running at a version earlier than 10.4.3.x.
    • If running earlier than this version, it creates the message “running a version less than 10.4.3.x, please upgrade to newer version”
  • The script does version checks for if funning at a version later than 10.5.1.0. (in script version v4).
    • The system is not vulnerable if other switches in the cluster are also running 10.5.1.0 or later.
    • Newer firmware may have affected cert however, it is not in use, and as such, can be ignored or upgraded without concern.
  • Ensure to use ‘ (single quotes) if special characters are in username or password on Linux.
  • If existing Linux OS, ensure version is 5.45 or later.

Produse afectate

PowerSwitch S3048-ON, PowerSwitch S4048-ON, Dell EMC Networking MX5108n, Dell EMC Networking MX9116n, Dell EMC Networking N3200-ON, PowerSwitch S4048T-ON, PowerSwitch S4112F-ON/S4112T-ON, PowerSwitch S4128F-ON/S4128T-ON , PowerSwitch S4148F-ON/S4148T-ON/S4148FE-ON, PowerSwitch S4148U-ON, PowerSwitch S4248FB-ON /S4248FBL-ON, PowerSwitch S5148F-ON, PowerSwitch S5212F-ON, PowerSwitch S5224F-ON, PowerSwitch S5232F-ON, PowerSwitch S5248F-ON, PowerSwitch S5296F-ON, PowerSwitch S6010-ON, PowerSwitch S6100-ON, PowerSwitch Z9100-ON, PowerSwitch Z9264F-ON, PowerSwitch Z9332F-ON, PowerSwitch Z9432F-ON ...
Proprietăți articol
Article Number: 000188438
Article Type: How To
Ultima modificare: 05 Jun 2025
Version:  6
Găsiți răspunsuri la întrebările dvs. de la alți utilizatori Dell
Servicii de asistență
Verificați dacă dispozitivul dvs. este acoperit de serviciile de asistență.