EFA Root CA
EFA is shipped with Root CA that is used to generate Intermediate CA. The Root CA is unique across each EFA and is generated during installation.
- TPVM: /apps/efadata/certs/ca/extreme-ca-root.pem
- Server: /opt/efadata/certs/own/extreme-ca-root.pem
Expiry and Alerts
The EFA Root CA is valid till 20 years from the date of installation. It supports the following alerts which effects the health of EFA security subsystem:
For more information, see Fault Management.
To renew or regenerate the Root CA, run the renewal script efa_renew_certs.sh.
NoteIn TPVM, the renewal script is available in /apps/efa/ and /opt/efa/ on a server installation.
sudo bash <path to the script>/efa_renew_certs.sh --type rootca
After the Root CA is updated,
- New Intermediate CA is generated
- New EFA Server Certificate is generated. If a third-party certificate is used, then the server certificate generation is skipped.
On renewal of certificate,
CertificateRenewalAlert is raised which changes the health of the
system to green.