Dell Networking OS10: How to Run Certificate Update from Linux

摘要: How to use Live Linux ISO to update OS10 certificate.

本文章適用於 本文章不適用於 本文無關於任何特定產品。 本文未識別所有產品版本。
查看其他資源

說明

Table of Contents

  1. Requirements to be Met
  2. Steps to Run Script from Live Linux ISO
  3. Command Summary
  4. Items to Take Note

Requirements to be Met

  • Must have Linux ISO downloaded (In this case, it is CentOS 7 KDE live ISO.)
  • Must have internet access on Linux VM
  • The switch is reachable from VM
  • Switch Sysadmin role user
  • Must not have “system-cli disable” configured

Steps to Run Script from Live Linux ISO

  1. Boot to the ISO from VMware (or another hypervisor)
Link for CentOS 7 KDE live ISO download:
 
Created VM settings with mounted ISO:
Boot into the CentOS disk:

 
  1. Right click to open Konsole.

 
  1. Run yum, install, expect, and unzip.
sudo yum install expect unzip -y
 
 
 
  1. Save file to Linux system (can transfer directly to host or download for DDL using Firefox).
scp <user>@<hostip>:</filelocation/filename> <filename>
 
 
  1. Unzip the file and run chmod to make the file executable.

unzip cert_upgrade_script-3.zip
chmod 777 cert_upgrade_script/*

 
  1. Run file to each switch IP or with host file per readme to confirm vulnerable and applied.

cd cert_upgrade_script
./cert.sh -u admin -p admin -h <IP> -c
./cert.sh -u admin -p admin -h <IP>
./cert.sh -u admin -p admin -h <IP> -c


 

  1. After executing the script, check KB article 184027: Dell Networking OS10 Certificate Expiration and Solution. for the next steps.
ALERT: Flap the VLTi or reload switch based upon KB steps for cert to take effect.
 

Command Summary

Command Explanation
sudo yum install expect unzip -y Install needed packages
cd Desktop Move the desktop directory
scp <user>@<hostip>:</filelocation/filename> <filename> Download the script to the Desktop
unzip cert_upgrade_script-3.zip Unzip the script file
chmod 777 cert_upgrade_script/* chmod to allow the .sh and folder to be read/write/execute
cd cert_upgrade_script Change to the cert directory
./cert.sh -u admin -p admin -h <IP> -c check the switch is vulnerable.
./cert.sh -u admin -p admin -h <IP> Run script to change cert
./cert.sh -u admin -p admin -h <IP> -c Check to see if switch was updated
 

Items to Take Note

  • The script does version checks for if running at a version earlier than 10.4.3.x.
    • If running earlier than this version, it creates the message “running a version less than 10.4.3.x, please upgrade to newer version”
  • The script does version checks for if funning at a version later than 10.5.1.0. (in script version v4).
    • The system is not vulnerable if other switches in the cluster are also running 10.5.1.0 or later.
    • Newer firmware may have affected cert however, it is not in use, and as such, can be ignored or upgraded without concern.
  • Ensure to use ‘ (single quotes) if special characters are in username or password on Linux.
  • If existing Linux OS, ensure version is 5.45 or later.

受影響的產品

PowerSwitch S3048-ON, PowerSwitch S4048-ON, Dell EMC Networking MX5108n, Dell EMC Networking MX9116n, Dell EMC Networking N3200-ON, PowerSwitch S4048T-ON, PowerSwitch S4112F-ON/S4112T-ON, PowerSwitch S4128F-ON/S4128T-ON , PowerSwitch S4148F-ON/S4148T-ON/S4148FE-ON, PowerSwitch S4148U-ON, PowerSwitch S4248FB-ON /S4248FBL-ON, PowerSwitch S5148F-ON, PowerSwitch S5212F-ON, PowerSwitch S5224F-ON, PowerSwitch S5232F-ON, PowerSwitch S5248F-ON, PowerSwitch S5296F-ON, PowerSwitch S6010-ON, PowerSwitch S6100-ON, PowerSwitch Z9100-ON, PowerSwitch Z9264F-ON, PowerSwitch Z9332F-ON, PowerSwitch Z9432F-ON ...
文章屬性
文章編號: 000188438
文章類型: How To
上次修改時間: 05 6月 2025
版本:  6
向其他 Dell 使用者尋求您問題的答案
支援服務
檢查您的裝置是否在支援服務的涵蓋範圍內。