Generating Keys and Certificates

When in FIPS mode, most secrets, with the exception of aerisadmin.crt, will be generated using the Arista Crypto Module.

Table 1. Generating Keys and Certificates
| Secret Name | Type | Component | Generated with FIPS crypto | Notes |
|---|---|---|---|---|
| ca.key | Key | | Yes | |
| ca.crt | Certificate | | Yes | |
| nginx_server.key and server.key | Key | nginx | Yes | |
| nginx_server.crt and server.crt | Certificate | nginx | Yes | |
| member.key | Key | etcd | Yes | |
| member.crt | Certificate | etcd | Yes | |
| aerisadmin.key | Key | aeris | Yes | Generated using openssl |
| aerisadmin.crt | Certificate | aeris | No | Signed using go crypto |

Note: For FIPS Phase 1, only the server.key and server.crt are required to be generated using the Arista Crypto Module since those are used by the NGINX server.