Managing NetVisor OS Certificates

Arista Networks ships the NetVisor OS certificates with the switches, and you can access the certificates in the /var/nvos/certs directory. These certificates are necessary for communication between switches in a fabric, and an expired certificate hinders transactions between fabric members. You can view the validity (valid-from and valid-until dates) of the NetVisor OS certificate using the switch-info-show command.

When you configure the alarm, the certificate is checked every 24 hours and an alarm is issued if the number of days until expiry is equal to or less than 30 days. The certificate expiry alert is enabled by default for 30 days, but can be configured between 7 days and 180 days on NetVisor OS. You can disable this feature using the cert-expiration-alert-modify no-netvisor command.

You can view the certificate expiration alert or alarm configuration by using the cert-expiration-alert-show command and can schedule an alert notification before the certificate expires. You can view the alarm or alert notification in the event.log file and also by running the log-alert-show command. You can also configure a new SNMP trap for certificate expiry on the SNMP services.

The alarm appears as an event in the event log, as an alert in the log-alert-show command output, and as a new SNMP trap if the trap server is configured. The alarm is raised every 24 hours until the certificate has expired.

To configure the certificate expiry alert, use the command:

CLI (network-admin@switch01) > cert-expiration-alert-modify

Specify one or more of the following options:


Specify whether to enable or disable NetVisor OS certificate expiration alerts.

days-before-expiration 7..180

Modify the number of days before expiration to send alerts (default: 30 days). The value ranges from 7 through 180 days.

To view the alert configuration for the certificate expiry, use the command:

CLI (network-admin@switch01) > cert-expiration-alert-show

switch:                                 switch01

days-before-expiration(d):                 30

To enable or disable the SNMP trap for certificate expiry alert, use the command:

CLI (network-admin@switch01) > snmp-trap-enable-modify cert-expiry|no-cert-expiry



Specify whether to monitor certificate expiry or not.

To view alerts that are older than an hour, use the command:

CLI (network-admin@switch01) > log-alert-show older-than 1h 

time      switch    code   name                count  last-message
--------  --------  -----  ------------------  -----  ------------------------------
00:17:05  switch01  31008  smf_nvOSd_stop      1      SMF Service stopping nvOSd
00:17:08  switch01  11008  nvOSd_start         1      version 5.1.5010014665
00:35:49  switch01  31016  certificate_expiry  1      switch cert expiring in 19 days

The switch-info-show command displays the validity (valid-from and valid-until dates) of the NetVisor OS certificate. For example:

CLI (network-admin@nru03-sw-1*) > switch-info-show

model:                    NRU03

chassis-serial:           1937ST9100075

cpu1-type:                Intel(R) Xeon(R) CPU D-1557 @ 1.50GHz

cpu2-type:                Intel(R) Xeon(R) CPU D-1557 @ 1.50GHz

cpu3-type:                Intel(R) Xeon(R) CPU D-1557 @ 1.50GHz

cpu4-type:                Intel(R) Xeon(R) CPU D-1557 @ 1.50GHz

system-mem:               30.6G

switch-device:            OK

fan1-status:              OK

fan2-status:              OK

fan3-status:              OK

fan4-status:              OK

fan5-status:              OK

fan6-status:              OK

fan7-status:              OK

fan8-status:              OK

fan9-status:              OK

fan10-status:             OK

fan11-status:             OK

fan12-status:             OK

ps1-status:               OK

ps2-status:               OK

disk-model:               Micron_1300_MTFDDAV256TDL

disk-firmware:            M5MU000

disk-size:                238G

disk-type:                Solid State Disk, TRIM Supported

bios-vendor:              American Megatrends Inc.

bios-version:             1.00.00

netvisor-cert-valid-from: Sep 13 07:00:00 2019 GMT

netvisor-cert-valid-till: Sep 14 06:59:59 2039 GMT
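
For monitoring from outside the switch, the same threshold check can be run against captured switch-info-show output. The following is an added example, not NetVisor OS code: the function names are hypothetical, the sample text is trimmed from the output above, and counting the remaining time in whole days is an assumption.

```python
import re
from datetime import datetime, timezone

# Constructed sample: trimmed from the switch-info-show output on this page.
SAMPLE_SWITCH_INFO = """\
model:                    NRU03
netvisor-cert-valid-from: Sep 13 07:00:00 2019 GMT
netvisor-cert-valid-till: Sep 14 06:59:59 2039 GMT
"""

DATE_FMT = "%b %d %H:%M:%S %Y GMT"
FIELD_RE = re.compile(r"^\s*netvisor-cert-valid-(from|till):\s*(.+?)\s*$", re.M)


def parse_cert_validity(text):
    """Return (valid_from, valid_till) as UTC datetimes."""
    found = {}
    for kind, value in FIELD_RE.findall(text):
        found[kind] = datetime.strptime(value, DATE_FMT).replace(tzinfo=timezone.utc)
    if set(found) != {"from", "till"}:
        raise ValueError("certificate validity fields missing from output")
    return found["from"], found["till"]


def cert_status(text, now, days_before_expiration=30):
    """Return (status, days_left); status is ok, alert, expired or not-yet-valid."""
    # Range taken from the page: days-before-expiration 7..180.
    if not 7 <= days_before_expiration <= 180:
        raise ValueError("days-before-expiration must be 7..180")
    valid_from, valid_till = parse_cert_validity(text)
    # Assumption: remaining time is counted in whole days, rounded down.
    days_left = (valid_till - now).days
    if now < valid_from:
        return "not-yet-valid", days_left
    if now > valid_till:
        return "expired", days_left
    if days_left <= days_before_expiration:
        return "alert", days_left
    return "ok", days_left


if __name__ == "__main__":
    print(cert_status(SAMPLE_SWITCH_INFO, datetime.now(timezone.utc)))
```

Running the check against every fabric member's output also catches a switch whose on-box alert was disabled with no-netvisor.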