IOS-XE https client - ignore server certificate warning and trust

ssajiby2k
Level 1

Hi,

I want to transfer files (upgrade bin files) from a Linux server to an IOS-XE switch using the https client.

#copy https: flash:
Address or name of remote host []? 192.168.0.1
Source filename []? http_root/cat9k_lite_iosxe.17.06.03.SPA.bin
Destination filename [cat9k_lite_iosxe.17.06.03.SPA.bin]?
Accessing https://192.168.0.1/http_root/cat9k_lite_iosxe.17.06.03.SPA.bin...
%Error opening https://192.168.0.1/http_root/cat9k_lite_iosxe.17.06.03.SPA.bin (I/O error)

The I/O error occurs because the IOS-XE client does not trust the server certificate.

I want to configure the IOS-XE client so that it ignores this warning and proceeds with the connection.

Does anyone know the CLI commands that make the IOS-XE https client blindly trust the certificate or ignore the certificate warning?

In simple terms, for example: if we are using Linux and the curl command, we can use curl -k (-k means ignore certificate warnings).

Does Cisco IOS-XE https client have something similar?

Regards

5 Replies

marce1000
VIP

- In the meantime you could fall back to simple (unencrypted) http, or tftp, but http would be a lot faster.

 M.



-- Each morning when I wake up and look into the mirror I always say 'Why am I so brilliant?'
    When the mirror will then always respond to me with 'The only thing that exceeds your brilliance is your beauty!'

Hi,

Why I need http/https: as you have mentioned, it is a lot faster than the tftp and scp solutions in IOS.

http works. Then I was wondering about https. It can't be that Cisco has not given any option to ignore the certificate warning. That's why I am asking the same question in the community; somebody must have faced a similar problem.

Regards

- How do you conclude that the (initial) I/O error is because of a certificate problem?

 M.




Hi,

Yes indeed. Now I have added the CA certificates from the https server to the Cisco IOS using those PKI trustpoint commands. Now it works.

It is very strange that Cisco does not provide any client-side commands to bypass those cert warnings. At least I am not able to find them.

Can any Cisco PKI expert help here?

 

ssajiby2k
Level 1

And the packet capture, which proves the I/O error is for the certificate warning.

ssajiby2k_0-1668789926754.png
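
How a capture can show this kind of failure, as an added example that is not part of the original thread: a TLS client that rejects the server certificate sends an alert record, which is readable in a capture when it is sent before encryption starts (assumed here: TLS 1.2 or earlier). The sample bytes and all function names are constructed for illustration.

```python
import struct

# Certificate-related alert descriptions (RFC 5246, section 7.2).
CERT_ALERTS = {42: "bad_certificate", 43: "unsupported_certificate",
               44: "certificate_revoked", 45: "certificate_expired",
               46: "certificate_unknown", 48: "unknown_ca"}
OTHER_ALERTS = {0: "close_notify", 40: "handshake_failure", 70: "protocol_version"}
LEVELS = {1: "warning", 2: "fatal"}
CONTENT_TYPE_ALERT = 21


def iter_records(stream: bytes):
    """Yield (content_type, payload) for each complete TLS record in a byte stream."""
    offset = 0
    while offset + 5 <= len(stream):
        # Record header: 1-byte type, 2-byte version, 2-byte payload length.
        ctype, _version, length = struct.unpack_from("!BHH", stream, offset)
        payload = stream[offset + 5: offset + 5 + length]
        if len(payload) < length:
            break  # truncated capture: stop rather than misparse
        yield ctype, payload
        offset += 5 + length


def find_alerts(stream: bytes):
    """Return a list of dicts describing the plaintext alert records in the stream."""
    alerts = []
    for ctype, payload in iter_records(stream):
        if ctype != CONTENT_TYPE_ALERT or len(payload) != 2:
            continue  # not an alert, or an encrypted alert that cannot be read
        level, desc = payload
        name = CERT_ALERTS.get(desc) or OTHER_ALERTS.get(desc, f"alert_{desc}")
        alerts.append({"level": LEVELS.get(level, str(level)), "name": name,
                       "certificate_related": desc in CERT_ALERTS})
    return alerts


# Constructed client-to-server bytes: a stub 4-byte handshake record followed by
# a fatal unknown_ca alert, which a client sends when it cannot chain the server
# certificate to a CA it trusts.
SAMPLE_CLIENT_STREAM = bytes.fromhex("1603010004" "01000000" "1503030002" "0230")

if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_CLIENT_STREAM):
        print(alert)
```

An `unknown_ca` alert from the client side is consistent with the fix reported above, where importing the server's CA certificate into a PKI trustpoint made the copy succeed.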

 

 
