RobMokkink
Expert
Expert

check certificate

Jump to solution

I there a way i can check if there are any warnings with the certificate? Like for instance use the connect-viserver statement.

I want to make sure that the certificate i replaced i oke.

0 Kudos
1 Solution

Accepted Solutions
LucD
Leadership
Leadership

True, but there is, in my opinion, an easier method than the Transcript method.

If you do

$cmd = "Connect-ViServer -Server <your-vcenter-name>"
$t = powershell.exe -command $cmd

you will have in the variable $t the connect messages (warnings included).

Note that you can not specify -noprofile and that the profile should load the PowerCLI pssnapin.

____________

Blog: LucD notes

Twitter: lucd22


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

View solution in original post

0 Kudos
12 Replies
LucD
Leadership
Leadership

Can't you capture the output of the Connect-VIServer cmdlet in a variable and check the content with a "match" or regex expression ?

____________

Blog: LucD notes

Twitter: lucd22


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

RobMokkink
Expert
Expert

Hi luc,

That is a good idea. I will have a look.

0 Kudos
RvdNieuwendijk
Leadership
Leadership

You can use the Start-Transcript cmdlet to capture the warning output of the Connect-VIserver cmdlet. Something like:

Start-Transcript -Path Transcript.txt
Connect-VIserver vCenterServer
Stop-Transcript
$CertificateWarning = $false
Get-Content Transcript.txt | ForEach-Object {
  if ($_ -like  "WARNING: There were one or more problems with the server certificate:") {
    $CertificateWarning = $true
  }
}

Regards, Robert

Blog: https://rvdnieuwendijk.com/ | Twitter: @rvdnieuwendijk | Author of: https://www.packtpub.com/virtualization-and-cloud/learning-powercli-second-edition
0 Kudos
RobMokkink
Expert
Expert

thanks for the handy snippet.

But i think i can do the same with:

$CHECK_CON = connect-viserver -server &lt;esxhost&gt; | out-string

And do some parsing there. I can split the lines using a 10 so i can examine each line.

0 Kudos
RvdNieuwendijk
Leadership
Leadership

That will not work because the warning stream is a different stream and the Out-String cmdlet does not output the warning stream.

Blog: https://rvdnieuwendijk.com/ | Twitter: @rvdnieuwendijk | Author of: https://www.packtpub.com/virtualization-and-cloud/learning-powercli-second-edition
0 Kudos
LucD
Leadership
Leadership

True, but there is, in my opinion, an easier method than the Transcript method.

If you do

$cmd = "Connect-ViServer -Server <your-vcenter-name>"
$t = powershell.exe -command $cmd

you will have in the variable $t the connect messages (warnings included).

Note that you can not specify -noprofile and that the profile should load the PowerCLI pssnapin.

____________

Blog: LucD notes

Twitter: lucd22


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

View solution in original post

0 Kudos
RvdNieuwendijk
Leadership
Leadership

Luc, you are right. That works also. What is easier is a matter of taste ;-). I changed your script into:

$cmd = "Add-PsSnapin VMware.VimAutomation.Core ; Connect-ViServer -Server <your-vcenter-name>"
$t = powershell.exe -command $cmd

to not have to load the PowerCLI snapin from the profile.

Blog: https://rvdnieuwendijk.com/ | Twitter: @rvdnieuwendijk | Author of: https://www.packtpub.com/virtualization-and-cloud/learning-powercli-second-edition
LucD
Leadership
Leadership

There is no messing with an external file, that's why I consider it easier.

If you want to load the PowerCLI snapin like that, you can add -noprofile.

____________

Blog: LucD notes

Twitter: lucd22


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

0 Kudos
RobMokkink
Expert
Expert

Thanks guys.

I can continue with checking the certificates. Because i really want the certificate check automated, because of security reasons.

0 Kudos
RobMokkink
Expert
Expert

I execute it as follows:

$t = powershell -noprofile -command $CMD | out-string

if ($t.contains("WARNING:"))

{

return $False

}

else

{

return $True

}

I tested it a couple of times, and it works really well.

For uploading the key and cert is rely on scp, i know not the most beatiful solution, but i disable ssh services right after that.

0 Kudos
LucD
Leadership
Leadership

Rob, I suspect you can leave out the pipe to Out-String.

Or did you encounter a case where it's needed ?

____________

Blog: LucD notes

Twitter: lucd22


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

0 Kudos
RobMokkink
Expert
Expert

The out-string is need, because you get an error that contains method cannot be used on a object.

0 Kudos