Hello,
We have almost 700 ESXi hosts in our farm. All these ESXi hosts have two expired certs in the location (please see the attachment): /etc/vmware/ssl
My ask is: is there any way I can remove only the expired certs via a script for all the ESXi hosts?
Really appreciate the help in advance!
Hi,
You might place the question to the PowerCLI forum and ask Sensei @LucD.
Until then, see https://kb.vmware.com/s/article/2015600.
To avoid security & compliance post-issues, a patch solution must be discussed. How to tag deletable files? How to prevent system files? How to prevent mass virus-like treatment?
You initially asked about a script. Here is an untested PowerCLI code snippet.
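# Requires VMware PowerCLI and the Posh-SSH module (New-SSHSession, Invoke-SSHCommand)
Import-Module Posh-SSH
# One ESXi host name per line
$hostx = Get-Content -Path "1_of_700servers.txt"
$cred = Get-Credential -Message 'Enter ESXi readwrite credentials'
# Commands run on each host: remove the two dated backup files
$cmdsub = @'
rm -rf /etc/vmware/ssl/rui.crt.bkp.20221108
rm -rf /etc/vmware/ssl/rui.key.bkp.20221108
'@
foreach ($esxName in $hostx)
{
    try {
        Connect-VIServer $esxName
        $esx = Get-VMHost -Name $esxName
        $session = New-SSHSession -ComputerName $esx.Name -Credential $cred -AcceptKey
        $result = Invoke-SSHCommand -SSHSession $session -Command $cmdsub
        Remove-SSHSession -SSHSession $session | Out-Null
    }
    catch {
        # Report the failing host instead of silently skipping it
        Write-Warning "$esxName : $($_.Exception.Message)"
    }
}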
Please refer to this: VMware: Managing vSphere Certificates with PowerCLI | MarketScreener
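One way to address the "how to tag deletable files / how to protect system files" questions raised above, as an added example that is not code from the thread or from VMware: instead of a fixed `rm -rf` list, build the remote command from each host's directory listing, allowing only names of the backup shape seen in the thread and deleting only when the backup certificate parses and has already expired. The function name `New-ExpiredBackupCleanupCommand` is hypothetical, the `rui.<crt|key>.bkp.<yyyymmdd>` pattern is taken from the file names in the thread, and `openssl` being available in the ESXi shell is an assumption.

```powershell
# Added example: guarded cleanup command for one host's /etc/vmware/ssl listing.
$SslDir    = '/etc/vmware/ssl'
$Protected = @('rui.crt', 'rui.key')               # live host certificate and key: never touched
$Allowed   = '^rui\.(crt|key)\.bkp\.(\d{8})$'      # the only deletable name shape (anchored)

function New-ExpiredBackupCleanupCommand {
    param(
        [string[]]$FileNames,   # bare file names as listed on the host
        [switch]$Delete         # without -Delete the command only reports
    )
    $lines = foreach ($stamp in ($FileNames |
            Where-Object { $_ -notin $Protected -and $_ -match $Allowed } |
            ForEach-Object { [regex]::Match($_, $Allowed).Groups[2].Value } |
            Sort-Object -Unique)) {
        $crt = "$SslDir/rui.crt.bkp.$stamp"
        $key = "$SslDir/rui.key.bkp.$stamp"
        $action = if ($Delete) { "rm -f '$crt' '$key'" }
                  else         { "echo would remove '$crt' '$key'" }
        # Run the action only if the backup cert exists, parses as X.509, and
        # -checkend 0 reports it as already expired (non-zero exit).
        # A key backup without a matching cert backup is left alone.
        "[ -f '$crt' ] && openssl x509 -noout -in '$crt' 2>/dev/null" +
        " && ! openssl x509 -checkend 0 -noout -in '$crt' >/dev/null 2>&1 && $action"
    }
    $lines -join "`n"
}

# Constructed sample listing (not from a real host); the last two names
# are malformed on purpose and must be ignored by the allowlist.
$sample = @('rui.crt', 'rui.key', 'rui.crt.bkp.20221108', 'rui.key.bkp.20221108',
            'rui.crt.bkp.20221108; reboot', '../rui.key.bkp.20221108')

New-ExpiredBackupCleanupCommand -FileNames $sample           # dry run
New-ExpiredBackupCleanupCommand -FileNames $sample -Delete   # command that removes
```

The returned string would take the place of `$cmdsub` in the `Invoke-SSHCommand` call, after reviewing the dry-run output from a few hosts first.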