Managing Netvisor ONE Certificates

Pluribus Networks includes the Netvisor ONE certificates along with the switches during shipment and you can access the certificates from /var/nvos/certs directory.  These certificates are necessary for communication between switches in a fabric and hinders the transactions between fabric members if the certificate expires.

When you configure the alarm, the certificate is checked every 24 hours and an alarm is issued if the number of days of expiry is equal to or less than 30 days . The certificate expiry alert is enabled by default (30 days) on Netvisor ONE and can be disabled using the cert-expiration-alert-modify no-netvisor command.   Netvisor ONE also allows you to configure a desired frequency for alarm  notification from seven through 180 days .

You can verify the alert configuration certificate expiry by  using the cert-expiration-alert-show command and can  schedule an alert notification before the certificate expires.  You can view the alarm configuration from event.log and  log-alert-show, by default, and can also configure  a new SNMP trap for certificate expiry on  SNMP services.

To configure the certificate expiry alert, use the command:

CLI (network-admin@switch01) > cert-expiration-alert-modify

Specify one or more of the following options:


Specify whether to enable or disable Netvisor ONE certificate expiration alerts.

days-before-expiration 7..180

Modify the number of days before expiration to send alerts (Default 30 days).

To view the alert configuration for the certificate expiry, use the command:

CLI (network-admin@switch01) > cert-expiration-alert-show

switch:                                switch01

days-before-expiration(d):                30

To enable or disable the snmp trap for certificate expiry alert, use the command:

CLI (network-admin@switch01) > snmp-trap-enable-modify cert-expiry|no-cert-expiry



Specify whether to monitor certificate expiry or not.

To view the alert configuration details older than an hour, use the command:

CLI (network-admin@switch01) > log-alert-show older-than 1h

time            switch            code          name                      count                last-message

-------- ----------        -----        ------------------        -----        ------------------------------

00:17:05        switch01                31008        smf_nvOSd_stop              1             SMF Service stopping nvOSd

00:17:08        switch01                11008        nvOSd_start                  1             version 5.1.5010014665

00:35:49        switch01                31016        certificate_expiry          1             switch cert expiring in 19 days