EFA is shipped with self-signed certificates. You can also install third-party certificates. When these certificates expire, EFA will not be operational.
This service periodically checks the expiration status of certificates that the system generates and sends notifications when a certificate gets close to its expiration date.
A warning message is displayed if a certificate is going to expire in 30 days from EFA timestamp. If you do not renew the certificates within 7 days of expiry, a warning message is displayed on every login to the EFA CLI.
Following is a sample notification message if the certificate is going to expire in 30 days:
{"@time":"2022-04-06T23:59:12.924962 IST","level":"info","msg":"Handling AppNotificationEvent: \u0026{EventHeader:{EventID:APP_NTF.App_Event PublishTime:2022-04-06T23:59:12+05:30 Auth:{Basic:\u003cnil\u003e Token:\u003cnil\u003e} RequestID:} AppName:auth Severity:critical DeviceIP: Message:The certificate for 'EFA' will expire on '2022-04-08 14:43:43 +0530 IST'.}"}
Following is a sample warning message if the certificate is going to expire in 7 days:
(efa:extreme)extreme@tpvm:/apps/test/certs$ efa login Password: Login successful. Warning: The certificate for 'EFA' will expire on '2022-04-08 14:43:43 +0530 IST'. --- Time Elapsed: 5.532391719s ---
When you get a certificate expiry notification, run the following command to renew a certificate. This is not applicable if the third-party certificates are installed on the system.
(efa:xmcdev)xmcdev@xmcdev-virtual-machine1:/opt/checkouts/efa/efa$ efa certificate server renew Certificate renewal is successful --- Time Elapsed: 33.516064167s ---