11-18-2022 03:48 AM
Hi,
I want to transfer files (upgrade bin files) from a linux server to IOS-XE switch using https client.
#copy https: flash:
Address or name of remote host []? 192.168.0.1
Source filename []? http_root/cat9k_lite_iosxe.17.06.03.SPA.bin
Destination filename [cat9k_lite_iosxe.17.06.03.SPA.bin]?
Accessing https://192.168.0.1/http_root/cat9k_lite_iosxe.17.06.03.SPA.bin...
%Error opening https://192.168.0.1/http_root/cat9k_lite_iosxe.17.06.03.SPA.bin (I/O error)
The I/O error is coming because, IOS-XE client do not trust the server certificate.
I want to configure IOS-XE client do that I ignores this warning and proceed with connection.
Does anyone know what are the cli commands so that IOS-XE https client just blindly trust or ignore certificate warning?
In simple terms for example - if we are using linux and curl command; we can use - curl -k (-k means ignore certificate warning).
Does Cisco IOS-XE https client have something similar?
Regards
11-18-2022 05:03 AM
- In the mean time you could fall back to simple (unencrypted)-http , or tftp , but http would be a lot faster.
M.
11-18-2022 06:04 AM
Hi,
Why I need http/https - as you have mentioned a lot faster than those tftp, scp solution in IOS.
http works. Then wondering about https. It can't be like Cisco has not give the any option to ignore certificate warning. That's why asking the same question in community, somebody must have faced this similar problem.
Regards
11-18-2022 07:25 AM
- How do you conclude , that the (initial) I/O error is because of a certificate problem ?
M.
11-18-2022 08:43 AM
Hi,
Yes indeed. Now I have added the CA certificates from the https server to the Cisco IOS using those PKI trustpoint commands. Now it works.
Very strange Cisco does not provide any client side commands to bypass those cert warning. At least I am not able to find those.
Any Cisco PKI expert can help here?
11-18-2022 08:45 AM
And the packet capture which proves I/O error is for certificate warning.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide