15: Maintenance
EMG™ Edge Management Gateway User Guide
334
d. The server.key file and server.crt file output in these steps can be installed in the web
server that will provide the ZTP configuration file. The certificate can be verified (e.g. view
the root CA, algorithms, validity date and CN, etc) at anytime with the command:
openssl x509 -noout -text -in server.crt
4. Create the client certificate and sign it with the root certificate:
a. Create the client certificate's private key (longer bit sizes such as 8192 can be used
instead of 4096):
openssl genrsa -out client.key 4096
b. Create the client certificate's Certificate Signing Request or CSR (the CN, or
commonName, cannot be the same as the CN of the root CA):
openssl req -new -key client.key -out client.csr -subj /
CN=ztpExampleClient
c. Create the client certificate by signing the CSR with the root CA (
policy_match
can be
used in place of
policy_anything
to use a different rule in openssl.cnf for controlling
which attributes of a certificate are required to match those given in the CA; by default
policy_anything requires that only a CN be specified):
openssl ca -days 365 -in client.csr -out client.crt -keyfile
ca.key -policy policy_anything -batch -notext
d. The client.key file and client.crt file output in these steps can be copied to the top level
directory of the external storage device that will be used for ZTP (rename client.key to
key.pem and client.crt to cert.pem). The certificate can be verified (e.g. view the root CA,
algorithms, validity date and CN, etc) at anytime with the command:
openssl x509 -noout -text -in client.crt
HTTPS Push Configuration Restore
The HTTPS Push Configuration feature allows a saved configuration to be pushed to a EMG via a
command line tool such as "curl" that includes the configuration to upload:
% curl --insecure --request POST --form "file=@/home/users/admin/
current-emgcfg.tgz" ‘https://myemg.company.com/
cfgupdate.htm?login=sysadmin&password=PASS&config=all&comment=FirmwareUp
date’
The configuration file name can have a maximum of 23 characters.
The arguments that are passed with the URL are:
login
- Login token to use for authentication. This must be a local user with firmware/config
and reboot/shutdown rights.
password
- Clear text password for the login token.
config
- Indicates the portion of the configuration to restore, either all, or any combination of
the following separated by commas: network, datetime, services, localusers, devports, usb,
rpms, remoteauth, connections, events, ipfilter, groups, hostlist, nfscifs, maintenance, sites,
scripts, slcnetwork, consoleport, menus, sshkeys, or sslcerts.
comment
- optional comment to include in the system log and audit log. If spaces are included
in the comment they should be URL encoded as shown in this bash script:
#!/bin/bash
Summary of Contents for EMG Series
Page 100: ...7 Networking EMG Edge Management Gateway User Guide 100 Figure 7 5 Network Wireless Settings...
Page 353: ...15 Maintenance EMG Edge Management Gateway User Guide 353 Figure 15 12 About EMG...
Page 474: ...EMG Edge Management Gateway User Guide 474 Figure E 3 EU Declaration of Conformity...
Page 475: ...EMG Edge Management Gateway User Guide 475 Figure E 4 EU Declaration of Conformity continued...