XCO uses JSON Web Tokens for authentication which uses RSA key pair for signing and verification of the tokens.
The certificate is valid for 10 years from the date of installation. It supports the following alerts which effects the health of XCO security subsystem:
For more information, see Fault Management - Alerts.
To renew or regenerate token signing certificate, use the following command:
(efa:extreme)extreme@tpvm:/apps$ efa certificate server renew --cert-type=token Certificate renewal is successful. --- Time Elapsed: 27.233017418s ---
After the token certificate is updated, it has to be pushed to all the registered devices. For more information about updating the certificates, see OAuth Certificate for SLX.
On renewal of the certificate, CertificateRenewalAlert is raised
which changes the health of the system to green.