Device Certificates

Device certificates are installed and configured during the SLX and TOS-SR device registration in XCO.

During the registration of an SLX device in XCO, the following certificates are installed on the device:

  1. OAuth Certificate: The public certificate for verifying an XCO token is copied to the device. This is the JWT Certificate described in XCO Certificates.
  2. Syslog Certificate: To push messages to XCO over port 6514.
  3. HTTPS Certificate: To enable secure communication with the clients.
During the registration of a TOS-SR device in XCO, the following certificates are installed on the device:
  1. GRPC Certificate: To enable secure communication with the clients.
  2. Syslog Certificate: To push messages to XCO over port 6514.

Along with the certificate installation, the following configuration changes are done on the registered SLX device:

  1. HTTP mode is disabled on the device, and HTTPS is enabled.
  2. OAuth2 is enabled as the primary mode of authentication. Fallback is set to "local login."
Along with the certificate installation, the following configuration change is done on the registered TOS-SR device:
  1. Configure the grpc-server
  2. Assign the certificate ID

Use the efa inventory device list command to verify the status of the certificates on the device. If the Cert/Key Saved column contains "N," then certificates are not installed.

9037858-01 RevAA