Managing Netvisor ONE Certificates


Pluribus Networks includes the Netvisor ONE certificates with the switches at shipment, and you can access the certificates from the /var/nvos/certs directory. These certificates are necessary for communication between switches in a fabric. If a certificate expires, transactions between fabric members are hindered.


When you configure the alarm, the certificate is checked every 24 hours and an alarm is issued if the number of days until expiry is equal to or less than 30 days. The certificate expiry alert is enabled by default (30 days) on Netvisor ONE and can be disabled using the cert-expiration-alert-modify no-netvisor command. Netvisor ONE also allows you to configure how many days before expiry the alarm notification is sent, from seven through 180 days.


You can verify the certificate expiry alert configuration by using the cert-expiration-alert-show command and can schedule an alert notification before the certificate expires. By default, you can view the alarm from event.log and log-alert-show. You can also configure a new SNMP trap for certificate expiry on SNMP services.


To configure the certificate expiry alert, use the command:


CLI (network-admin@switch01) > cert-expiration-alert-modify


Specify one or more of the following options:


netvisor|no-netvisor

Specify whether to enable or disable Netvisor ONE certificate expiration alerts.

days-before-expiration 7..180

Modify the number of days before expiration to send alerts (Default 30 days).


To view the alert configuration for the certificate expiry, use the command:


CLI (network-admin@switch01) > cert-expiration-alert-show


switch:                                switch01

days-before-expiration(d):                30


To enable or disable the SNMP trap for the certificate expiry alert, use the command:


CLI (network-admin@switch01) > snmp-trap-enable-modify cert-expiry|no-cert-expiry

where,


cert-expiry|no-cert-expiry

Specify whether to monitor certificate expiry or not.




To view the alert details older than an hour, use the command:


CLI (network-admin@switch01) > log-alert-show older-than 1h


time     switch   code  name               count last-message
-------- -------- ----- ------------------ ----- -------------------------------
00:17:05 switch01 31008 smf_nvOSd_stop     1     SMF Service stopping nvOSd
00:17:08 switch01 11008 nvOSd_start        1     version 5.1.5010014665
00:35:49 switch01 31016 certificate_expiry 1     switch cert expiring in 19 days
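
The following is an added example, not part of the Netvisor ONE documentation or Pluribus code: a small Python parser that reads collected log-alert-show output and lists the certificate_expiry alerts at or under the configured days-before-expiration value. It assumes the message wording matches the single sample line above; the switch02 row and the urgent_days parameter are constructed for illustration.

```python
import re

# Sample output in the shape of `log-alert-show` on this page; the switch02
# row is constructed for illustration.
SAMPLE = """\
time     switch   code  name               count last-message
-------- -------- ----- ------------------ ----- -------------------------------
00:17:05 switch01 31008 smf_nvOSd_stop     1     SMF Service stopping nvOSd
00:17:08 switch01 11008 nvOSd_start        1     version 5.1.5010014665
00:35:49 switch01 31016 certificate_expiry 1     switch cert expiring in 19 days
00:36:02 switch02 31016 certificate_expiry 1     switch cert expiring in 5 days
"""

ROW = re.compile(r"^(\d{2}:\d{2}:\d{2})\s+(\S+)\s+(\d+)\s+(\S+)\s+(\d+)\s+(.*)$")
# Assumption: the message wording follows the single sample line on the page.
DAYS = re.compile(r"expiring in (\d+) days?")


def parse_alerts(text):
    """Return one dict per data row; header and separator lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            time, switch, code, name, count, msg = m.groups()
            rows.append({"time": time, "switch": switch, "code": int(code),
                         "name": name, "count": int(count), "message": msg})
    return rows


def expiring_certs(text, days_before_expiration=30, urgent_days=7):
    """List certificate_expiry alerts at or under the threshold, soonest first."""
    # The CLI accepts 7..180 for days-before-expiration; mirror that range here.
    if not 7 <= days_before_expiration <= 180:
        raise ValueError("days-before-expiration must be within 7..180")
    found = []
    for row in parse_alerts(text):
        m = DAYS.search(row["message"])
        if row["name"] != "certificate_expiry" or not m:
            continue
        days = int(m.group(1))
        if days <= days_before_expiration:
            # urgent_days is a hypothetical escalation cut-off, not a CLI option.
            level = "urgent" if days <= urgent_days else "warning"
            found.append((row["switch"], days, level))
    return sorted(found, key=lambda item: item[1])


if __name__ == "__main__":
    for switch, days, level in expiring_certs(SAMPLE):
        print(f"{level}: {switch} certificate expires in {days} days")
```

Running the parser over alerts gathered from every fabric member gives one list of switches ordered by how soon their certificates expire.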