Device Certificates
The HTTPS server certificate from EFA is presented to a client when that client connects
to its northbound interface.
During the registration of an SLX device in EFA, the following configuration changes are
made on the device.
- The public certificate for verifying an EFA token is copied to the device as an OAuth2 certificate.
- A syslog certificate is installed on the device.
- EFA generates the HTTPS certificate for the SLX device. The certificate is copied to the device, HTTP mode is disabled on the device, and HTTPS is enabled on the device.
- OAuth2 is enabled as the primary mode of authentication. Fallback is set to "local login."
- Managed devices contain the expiration date of an inventory certificate. If a device certificate is within 30 days of expiration, it pushes an event to the notification using the get certs command.
You can use the efa inventory device list command to verify the status of the certificates on the device. If the Cert/Key Saved column contains "N," then certificates are not installed.
You can use the efa certificates device install --ips <ip-addr> certType [http|token] command to install the HTTPS or OAuth2 certificate on one or more devices.
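A scripted form of the Cert/Key Saved check described above, as an added example that is not part of the EFA documentation: it reads efa inventory device list output and reports the devices marked "N". The table layout, the "IP Address" column name and the sample rows are constructed assumptions; only the "Cert/Key Saved" column name comes from this page.

```shell
#!/bin/sh
# Constructed sample of `efa inventory device list` output. The layout and the
# "IP Address" header are assumptions; "Cert/Key Saved" is the page's column.
sample_device_list() {
cat <<'EOF'
+-------------+-----------+----------------+
| IP Address  | Host Name | Cert/Key Saved |
+-------------+-----------+----------------+
| 192.0.2.11  | leaf-1    | Y              |
| 192.0.2.12  | leaf-2    | N              |
| 192.0.2.13  | spine-1   | N              |
+-------------+-----------+----------------+
EOF
}

# Print the IP of every device whose "Cert/Key Saved" value is N.
# Columns are located by header name, so extra or reordered columns are fine.
devices_missing_certs() {
  awk -F'|' '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    # Header row: remember which fields hold the IP and the cert status.
    !cert && /Cert\/Key Saved/ {
      for (i = 1; i <= NF; i++) {
        h = trim($i)
        if (h == "IP Address") ip = i
        if (h == "Cert/Key Saved") cert = i
      }
      next
    }
    # Data rows: border lines have too few fields and are skipped.
    cert && ip && NF > cert && trim($cert) == "N" { print trim($ip) }
  '
}

# Return 1 and name the devices when any lack certificates, so a scheduled
# job or CI step can fail on it. Returns 0 when every device shows Y.
report_missing_certs() {
  missing=$(devices_missing_certs)
  [ -z "$missing" ] && return 0
  printf 'certificates not installed on: %s\n' \
    "$(printf '%s\n' "$missing" | paste -sd, -)"
  return 1
}

# Real use: efa inventory device list | report_missing_certs
sample_device_list | report_missing_certs || true
```

The addresses it reports are the ones to pass to the efa certificates device install command.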