JWT Certificate

EFA uses JSON Web Tokens for authentication which uses RSA key pair for signing and verification of the tokens.


Expiry and Alerts

The certificate is valid till 10 years from the date of installation. It supports the following alerts which effects the health of EFA security subsystem:

For more information, see Fault Management.


To renew or regenerate token signing certificate, use the following command:

(efa:extreme)extreme@tpvm:/apps$ efa certificate server renew --cert-type=token
Certificate renewal is successful.
--- Time Elapsed: 27.233017418s ---

After the token certificate is updated, it has to be pushed to all the registered devices. For more information about updating the certificates, see OAuth Certificate for SLX.

On renewal of the certificate, CertificateRenewalAlert is raised which changes the health of the system to green.