EFA Root CA

EFA is shipped with Root CA that is used to generate Intermediate CA. The Root CA is unique across each EFA and is generated during installation.

Location

TPVM: /apps/efadata/certs/ca/extreme-ca-root.pem
Server: /opt/efadata/certs/own/extreme-ca-root.pem

Expiry and Alerts

The EFA Root CA is valid till 20 years from the date of installation. It supports the following alerts which effects the health of EFA security subsystem:

CertificateExpiryNoticeAlert
CertificateExpiredAlert
CertificateUnreadableAlert

For more information, see Fault Management.

Renewal

To renew or regenerate the Root CA, run the renewal script efa_renew_certs.sh.

Note

In TPVM, the renewal script is available in /apps/efa/ and /opt/efa/ on a server installation.

sudo bash <path to the script>/efa_renew_certs.sh --type rootca

After the Root CA is updated,

New Intermediate CA is generated
New EFA Server Certificate is generated. If a third-party certificate is used, then the server certificate generation is skipped.

On renewal of certificate, CertificateRenewalAlert is raised which changes the health of the system to green.

Switching

Routing

Wireless

Management & Automation

Analytics & Visibility

Security & Access Control

Remote

Cloud

Security

Machine Learning

Campus Fabric

Data Center Fabric

Internet of Things

Wi-Fi 6

Primary & Secondary Education (K-12)

Retail

Service Providers

Federal Government

Manufacturing

Higher Education

Healthcare

Hospitality

State & Local Government

Sports & Public Venues

Support Portal

Knowledge Base

Documentation

End of Sale

Policies & Warranties

Training & Courses

Maintenance Services

Premier Services

Professional Services

Managed Services

EFA Root CA

Location

Expiry and Alerts

Renewal