Hello,
We are using custom Machine SSL cert of many vCenters. Is there any option we can find the expiry of that machine SSL certs?
'Get-STSCerts.ps1' showing only the STS expiry date.
Can someone please help me ?
Did you try Alan's script in Automating SSL Checks for vCenter and Host Certificates
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Hello @LucD ,
Yes I tried that earlier. And yes it is also showing the STS expiry date. Any other suggestion please ?
In that case use an SSH session (via Open-Ssh) to your VCSA and use the /usr/lib/vmware-vmafd/bin/vecs-cli command to list the certificates.
From the Validity - Not After you can extract the expiration date.
See also KB2111411
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Hello @LucD ,
Yes that I can get. Connecting to vCenter via putty and run the command to can get the expiry of Machine SSL. This is how I am checking the expiry date now. Like I said we have many vCenters that needs to check the expiry date. So here I am looking a script something like what you mentioned earlier (Alan's script / Get-STSCerts.ps1) that can find the machine SSL expiry of a bulk vCenters.
You can script that as well against multiple vCenters.
You could use Posh-Ssh instead of putty which makes it a lot easier.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
@LucD , then it would be really great. I never tried posh-ssh so far. If you can please give me the instruction then it would be really helpful since I never tried this before.
1. Connect multiple vCenters
2. Run the command '/usr/lib/vmware-vmafd/bin/vecs-cli entry list --store MACHINE_SSL_CERT --text | less' against those multiple vCenters.
3. Disconnect the session from multiple vCenters.
Anyone can please help me here?