Generating Keys and Certificates
When in FIPS mode, most secrets, with the exception of aerisadmin.crt, will be generated using the Arista Crypto Module.
Secret Name | Type | Component | Generated with FIPS crypto | Notes |
---|---|---|---|---|
ca.key | Key | | Yes | |
ca.crt | Certificate | | Yes | |
nginx_server.key and server.key | Key | nginx | Yes | |
nginx_server.crt and server.crt | Certificate | nginx | Yes | |
member.key | Key | etcd | Yes | |
member.crt | Certificate | etcd | Yes | |
aerisadmin.key | Key | aeris | Yes | Generated using openssl |
aerisadmin.crt | Certificate | aeris | No | Signed using go crypto |
Note: For FIPS Phase 1, only server.key and server.crt are required to be generated using the Arista Crypto Module, since those are used by the NGINX server.