Certificate Troubleshooting

• Ensure that the device is running at least SLX-OS 20.1.x.
• Ensure that the time on the SLX device and the time on the EFA host device are synchronized.
• Ensure that the certificates are installed. Run the efa certificate device install command.

• Run the following REST API to get the expiry date of all the certificates of EFA:
  

  curl -X GET 'https://<vip>:8078/v1/monitor/certificate/expiry' --header 'Authorization:Bearer eyJhbGciOiJSUzI… ‘.

• Run the following openssl command:
  

  extreme@tpvm:~$ openssl x509 -in <Location of the certificate> -noout -enddate

1018 AUDIT, 2021/10/14-17:26:57 (GMT), [SEC-3021], INFO, SECURITY, extreme/root/10.20.32.141/ssh/CLI,, SLX, Event: login, Status: failed, Info: Failed login attempt through REMOTE, IP Addr: 10.20.32.141

1017 AUDIT, 2021/10/14-17:26:55 (GMT), [SEC-3020], INFO, SECURITY, admin/admin/10.20.32.141/ssh/CLI,, SLX8720-32C, Event: login, Status: success, Info: Successful login attempt via REMOTE, IP Addr: 10.20.32.141

1002 AUDIT, 2021/10/14-17:26:41 (GMT), [SEC-3020], INFO, SECURITY, admin/admin/10.20.32.141/ssh/CLI,, SLX8720-32C, Event: login, Status: success, Info: Successful login attempt via NETCONF, IP Addr: 10.20.32.141

• Ensure that you have correctly followed the system restore process.
• Ensure that all the devices are registered.
• Ensure that the certificates are installed on the devices to enable secure connections. Run the efa certificate device install --ips <ip-adddr> certType [ http|token] command to install the HTTPS or OAuth2 certificate on one or more devices..