The HTTPS server certificate from EFA is presented to a client when that client connects to its northbound interface.
$ efa certificates server –-certificate <cert-filename> --key <key-filename> [ --configfile <config-filename ]
The EFA_INSTALL_DIR
environment variable specifies where the EFA configuration file can be found. The
optional configuration file can be used to specify a different file than the
efa.conf
file used by EFA for its settings.
Important
If you install your own server certificate to use with the EFA HTTPS server, remember to reinstall the certificate when you upgrade EFA.You can use the efa inventory device list command to verify the status of the certificates on the device. If the Cert/Key Saved column contains "N," then certificates are not installed.
You can use the efa certificates device install --ips <ip-adddr> certType [ http|token] command to install the HTTPS or OAuth2 certificate on one or more devices.
Subject: CN=efa.extremenetworks.com …… X509v3 Subject Alternative Name: DNS:efa.extremenetworks.com, IP Address:127.0.0.1, IP Address:10.24.15.173
Subject: CN=efa.extremenetworks.com …… X509v3 Subject Alternative Name: DNS:efa.extremenetworks.com, IP Address:127.0.0.1, IP Address:10.24.15.178, IP Address:10.24.15.174, IP Address:10.24.15.253
Issue | Resolution |
---|---|
My device is registered but the certificates do not appear on the SLX device. | Try the following:
|
How do I check the certificate provided by EFA through its ingress interface? | Run the following command. The output should indicate that
efa.extremenetworks.com is present.
|