efa certificate device install

Installs HTTPS and OAuth2 certificates on SLX devices, and GRPC certificates on TOS-SR devices..

Syntax

efa certificate device install [ --ip ip-addr | --fabric fabric-name | --certType { https | token | grpc }| --https-certificate | --https-key | --grpc-certificate| --grpc-key| --force ]

Command Default

By default, certificates are not installed.

Parameters

--ip ip-addr
Specifies a comma-separated list of the IP addresses of the SLX devices on which you want to install the certificate. Example: 10.1.1.13,10.1.1.50,10.1.1.101.
--fabric fabric-name
Specifies the name of the fabric.
--certType { https | token | grpc }
Specifies the type of certificate you are installing.
--https-certificate
Specifies the file name of the certificate.
--https-key
Specifies the file name of the certificate key.
--grpc-certificate
Specifies the file name of the grpc certificate.
--grpc-key
Specifies the file name of the grpc certificate key.
--force
Update the certificate even if it is already present.

Usage Guidelines

During the registration of an SLX device in XCO, the following configuration changes are made on the device:
  • The public certificate for verifying an XCO token is copied to the device as an OAuth2 certificate.
  • XCO generates the HTTPS certificate for the SLX device. The certificate is copied to the device, HTTP mode is turned off on the device, and HTTPS is enabled on the device.
  • OAuth2 is enabled as the primary mode of authentication. Fallback is set to "local login."
During the registration of a TOS-SR device in XCO, the following configuration changes are made on the device:
  • XCO generates the GRPC certificate and key for the TOS-SR device. The certificate and key are imported into the device.
  • Configure the grpc-server with certificate id.

You can use the efa inventory device list command to verify the status of the certificates on the device. If the Cert/Key Saved column contains "N," then certificates are not installed. You can then use the efa certificates device install command to install the certificates.

Examples

This example installs the HTTPS certificate on two devices.

efa certificates device install --ip 10.139.44.147-148 --certType https  
	 		
+---------------+---------+  
|  IP Address     | Status  |  
+---------------+---------+  
| 10.139.44.148 | Success |  
+---------------+---------+  
| 10.139.44.147 | Success |  
+---------------+---------+  

This example installs the HTTPS certificate the devices in fabric fabric1. It will update the certificates even if already present.

efa certificates device install -–fabric fabric1 --certType https --force  
	 		
+---------------+---------+  
|  IP Address     | Status  |  
+---------------+---------+  
| 10.139.44.148 | Success |  
+---------------+---------+  
| 10.139.44.147 | Success |  
+---------------+---------+