Certificate Troubleshooting

Issue Resolution
My device is registered but the certificates do not appear on the SLX device. Try the following:
  • Ensure that the device is running at least SLX-OS 20.1.x.
  • Ensure that the time on the SLX device and the time on the EFA host device are synchronized.
  • Ensure that the certificates are installed. Run the efa certificates device install command.
How do I verify the certificate provided by EFA through its ingress interface? Run the following command. The output should indicate that efa.extremenetworks.com is present.

$ openssl s_client -connect <EFA_IP_ADDR>:443

There is a security violation on the switch when EFA (installed on TPVM) logs in and tries to access the switch with different usernames. You observe the following logs on SLX console:

1018 AUDIT, 2021/10/14-17:26:57 (GMT), [SEC-3021], INFO, SECURITY, extreme/root/10.20.32.141/ssh/CLI,, SLX, Event: login, Status: failed, Info: Failed login attempt through REMOTE, IP Addr: 10.20.32.141

1017 AUDIT, 2021/10/14-17:26:55 (GMT), [SEC-3020], INFO, SECURITY, admin/admin/10.20.32.141/ssh/CLI,, SLX8720-32C, Event: login, Status: success, Info: Successful login attempt via REMOTE, IP Addr: 10.20.32.141

1002 AUDIT, 2021/10/14-17:26:41 (GMT), [SEC-3020], INFO, SECURITY, admin/admin/10.20.32.141/ssh/CLI,, SLX8720-32C, Event: login, Status: success, Info: Successful login attempt via NETCONF, IP Addr: 10.20.32.141

 Try the following:
  • Ensure that you have correctly followed the system restore process.
  • Ensure that all the devices are registered.
  • Ensure that the certificates are installed on the devices to enable secure connections. Run the efa certificates device install --ips <ip-adddr> certType [ http|token] command to install the HTTPS or OAuth2 certificate on one or more devices..
9037502-00 Rev AA