Did you try Alan's script in Automating SSL Checks for vCenter and Host Certificates

Hello @LucD ,

Yes I tried that earlier. And yes it is also showing the STS expiry date. Any other suggestion please ?

In that case use an SSH session (via Open-Ssh) to your VCSA and use the /usr/lib/vmware-vmafd/bin/vecs-cli command to list the certificates.

From the Validity - Not After you can extract the expiration date.

See also KB2111411

Hello @LucD ,

Yes that I can get. Connecting to vCenter via putty and run the command to can get the expiry of Machine SSL. This is how I am checking the expiry date now. Like I said we have many vCenters that needs to check the expiry date. So here I am looking a script something like what you mentioned earlier (Alan's script / Get-STSCerts.ps1) that can find the machine SSL expiry of a bulk vCenters.

You can script that as well against multiple vCenters.
You could use Posh-Ssh instead of putty which makes it a lot easier.

@LucD , then it would be really great. I never tried posh-ssh so far. If you can please give me the instruction then it would be really helpful since I never tried this before.

1. Connect multiple vCenters

2. Run the command '/usr/lib/vmware-vmafd/bin/vecs-cli entry list --store MACHINE_SSL_CERT --text | less' against those multiple vCenters.

3. Disconnect the session from multiple vCenters.

Anyone can please help me here?