Image Download over HTTPS

Support has been added for downloading images to flash memory over HTTPS. HTTPS image download involves downloading of an image from the remote HTTPS server to either the primary or secondary partition in a simple process.

After the copy https flash command is executed specifying the URL to the image file on the server (including IP address, port, path, and file name), an HTTP request is issued to download an image from the server. The response to the HTTP request contains the binary image in the body. After the image is downloaded by the HTTPS client, the data is written to a file in a specific location and image installation begins for either the primary or secondary partition.

Considerations for downloading images over HTTPS

  • The flash memory is locked for the entire image download and installation process.
  • Primary and secondary images are supported.
  • The HTTPS client uses the device certificate when it is connected to the a SZ server. In other cases it can connect to a server, for example a Linux HTTPS server, without a device certificate.
  • The remote end must serve the ICX image, either by a web server or have a web service providing the image for the URL specified in the HTTP request.
  • No special HTTP headers are required.
  • Image download over HTTPS is not available in FIPS or CC mode.
  • Only IPv4 HTTPS download is supported.
  • A successful HTTPS download provides a 200 response code.
  • If a unified forwarding image (UFI) is specified, the UFI consists of the application image, the boot code image and the signature in one unified file. For more information on the UFI, refer to the Software Upgrade and Downgrade chapter in the RUCKUS FastIron Software Upgrade Guide.

Downloading an image from a web server to flash memory

The following example copies the “SPR08070b1.bin” image from the HTTPS server to the flash primary partition. IP address 10.1.1.1 is specified and port 876 is specified.


device# copy https flash 10.1.1.1 SPR08070b1.bin primary port 876

The following example copies the “SPR08070b1.bin” image from the HTTPS server to the flash secondary partition. IP address 10.2.1.1 is specified. Because no port is specified, the default of 443 is used.


device# copy https flash 10.2.1.1 SPR08070b1.bin secondary

The following example copies a primary UFI image file from the HTTPS server to the flash primary partition. IP address 10.2.1.1 is specified and port 700 is specified. The UFI consists of the application image, the boot code image, and the FI signature in one unified file.


device# copy https flash 10.2.1.1 SPR08080b1ufi.bin primary port 700