OAuth Certificate

JWT Verifier from XCO is pushed to SLX during registration.

SLX# show crypto ca certificates
oauth2 certificate(OAuth2 token signature validation):
SHA1 Fingerprint=57:55:2F:7A:F0:DB:23:CF:37:67:8D:AE:82:35:D8:2D:18:00:17:9E
Subject: C=US, ST=CA, O=Extreme Networks, OU=Extreme Fabric Automation,
CN=extremenetworks.com
Issuer: C=US, ST=CA, O=Extreme Networks, OU=Extreme Fabric Automation,
CN=extremenetworks.com
Not Before: Sep 2 13:26:27 2022 GMT
Not After : Aug 30 13:26:27 2032 GMT

Expiry and Alerts

Legacy notification is sent to the user if the certificate is going to expire in 30 days. It supports the following alerts which effects the health of XCO security subsystem:

DeviceCertificateExpiryNoticeAlert
DeviceCertificateExpiredAlert
DeviceCertificateUnreadableAlert

For more information, see Fault Management - Alerts.

Upload or Renewal

To upload the token signing certificate to the device, run the following command:

(efa:extreme)extreme@tpvm:~$ efa certificate device install --ip=10.x.x.x --certtype=
token
+-------------+---------+
| IP Address  | Status  |
+-------------+---------+
| 10.x.x.x    | Success |
+-------------+---------+
---Time Elapsed: 27.233017418s ---

For more information about updating the certificates, see Manual Installation of Certificates on Devices.

On renewal of certificate, CertificateRenewalAlert is raised which changes the health of the system to green.