VMware Cloud Community
NeenaJim

Expired certs

Hello,

We have almost 700 ESXi hosts in our farm. All these ESXi hosts have two expired certs in the location (please see the attachment): /etc/vmware/ssl

My ask is: is there any way I can remove only the expired certs via a script for all the ESXi hosts?
Really appreciate the help in advance!

NeenaJim_0-1673456702212.png

 

DCasota

Hi,

You might place the question to the PowerCLI forum and ask Sensei @LucD.

Until then, see https://kb.vmware.com/s/article/2015600 .

DCasota

To avoid security & compliance post-issues, a patch solution must be discussed. How to tag deletable files? How to prevent system files? How to prevent mass virus-like treatment?

You initially asked about a script. Here is an untested PowerCLI code snippet.

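# Requires the VMware.PowerCLI and Posh-SSH modules
Import-Module VMware.PowerCLI, Posh-SSH

# One ESXi host name per line
$hostx = Get-Content -Path "1_of_700servers.txt"
$cred = Get-Credential -Message 'Enter ESXi readwrite credentials'

# Commands run on each host: remove only the two named backup files
$cmdSub = @'
rm -rf /etc/vmware/ssl/rui.crt.bkp.20221108
rm -rf /etc/vmware/ssl/rui.key.bkp.20221108
'@

foreach ($esxName in $hostx)
{
    try {
        Connect-VIServer $esxName
        $esx = Get-VMHost -Name $esxName
        # -AcceptKey needs an ASCII hyphen; the original had an en dash, which breaks parameter binding
        $session = New-SSHSession -ComputerName $esx.Name -Credential $cred -AcceptKey
        $result = Invoke-SSHCommand -SSHSession $session -Command $cmdSub
        Remove-SSHSession -SSHSession $session | Out-Null
    }
    catch {
        # Report the failing host instead of silently skipping it
        Write-Warning "$esxName failed: $_"
    }
}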

 

0 Kudos
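One way to address the questions raised in the reply above (how to tag deletable files, how to protect system files, how to avoid indiscriminate mass deletion) is to build a per-host plan from a read-only listing before anything is removed. This is an added example, not code from the thread or from VMware. It assumes `openssl` is available on the ESXi host and that backups follow the `rui.<crt|key>.bkp.<8 digits>` naming seen in the snippet. The function name `Get-CertCleanupPlan`, the host name and the sample listing are constructed for illustration.

```powershell
# Added example, not from the thread. Assumptions: openssl is available on the host
# and backups are named rui.<crt|key>.bkp.<8 digits>, as in the snippet above.
$AllowList = '^/etc/vmware/ssl/rui\.crt\.bkp\.\d{8}$'   # never matches the live rui.crt / rui.key

# Read-only listing command for Invoke-SSHCommand: prints "<path>|notAfter=<date>"
$ListCmd = 'for f in /etc/vmware/ssl/rui.crt.bkp.*; do ' +
           'echo "$f|$(openssl x509 -in "$f" -noout -enddate 2>/dev/null)"; done'

function Get-CertCleanupPlan {
    param([string]$HostName, [string[]]$Listing, [datetime]$Now = [datetime]::UtcNow)
    $styles = [System.Globalization.DateTimeStyles]'AssumeUniversal, AdjustToUniversal'
    foreach ($line in $Listing) {
        $path, $end = $line -split '\|', 2
        # openssl prints e.g. "notAfter=Nov  8 10:15:00 2022 GMT"; normalise before parsing
        $raw = ("$end" -replace '^notAfter=', '' -replace '\s*GMT$', '' -replace '\s+', ' ').Trim()
        $notAfter = [datetime]::MinValue
        $parsed = [datetime]::TryParseExact($raw, 'MMM d HH:mm:ss yyyy',
                      [cultureinfo]::InvariantCulture, $styles, [ref]$notAfter)
        $reason = if ($path -notmatch $AllowList) { 'not an allow-listed backup name' }
                  elseif (-not $parsed)           { 'expiry could not be read' }
                  elseif ($notAfter -ge $Now)     { 'certificate still valid' }
                  else                            { $null }
        # A key has no expiry of its own: it is only removed with its expired certificate
        $targets = if ($reason) { @($path) } else { $path, ($path -replace 'rui\.crt\.', 'rui.key.') }
        foreach ($t in $targets) {
            [pscustomobject]@{
                Host   = $HostName
                Path   = $t
                Action = if ($reason) { 'keep' } else { 'delete' }
                Reason = if ($reason) { $reason } else { "expired $($notAfter.ToString('yyyy-MM-dd'))" }
            }
        }
    }
}

# Constructed sample output of $ListCmd from one host (not real data)
$sample = @(
    '/etc/vmware/ssl/rui.crt.bkp.20221108|notAfter=Nov  8 10:15:00 2022 GMT'
    '/etc/vmware/ssl/rui.crt.bkp.20991231|notAfter=Dec 31 23:59:59 2099 GMT'
    '/etc/vmware/ssl/rui.crt.bkp.20230101|'
)
$plan = Get-CertCleanupPlan -HostName 'esx01.example.test' -Listing $sample
$plan | Format-Table -AutoSize

# Dry run: the exact command that would be sent, one quoted path per file, no wildcards
($plan | Where-Object Action -eq 'delete' | ForEach-Object { "rm -f '$($_.Path)'" }) -join '; '
```

Exporting the plan for all hosts (for example with `Export-Csv`) gives a reviewable record of what would be deleted before any `rm` is sent.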