VMware Cloud Community
jvm2016
Hot Shot
Hot Shot
‎05-10-2019 02:42 AM

SSl Certificates_powercli

Hi Luc,

how to check sslcertificates validity using powercli .

also  in what sceneriosdo we need to replace VMCA to  third partycertificatuin authority ?

Tags (1)
0 Kudos
4 Replies
LucD
Leadership
Leadership
‎05-10-2019 04:43 AM

Afaik, there are no public API available to check the validity of those certificates (I wish there were).
You can activate an Alarm which will be triggered before a certificate expires.
You can control how far in advance that event will be given with the VCSA advanced setting vpxd.cert.threshold

As stated in Certificate Management Overview the choice depends on what your local requirements are.
In short (and in my opinion), there are no technical reasons or advantages to replace the VMCA, but there might be local policy requirements.


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

0 Kudos
jvm2016
Hot Shot
Hot Shot
‎05-12-2019 06:21 PM

Thanks Luc.

0 Kudos
jvm2016
Hot Shot
Hot Shot
‎05-12-2019 10:08 PM

i got following from net ,

https://michaelryom.dk/validate-ssl-expiration-date/

to check expiration dates iam not sure what method is being folllowed.however can yu check this and suggest if it is working at yur end.

0 Kudos
LucD
Leadership
Leadership
‎05-12-2019 10:29 PM

Yes, this seems to work for ESXi nodes and the VCSA.

It uses the .Net ServerCertificateValidationCallback method.

Nice find.


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

0 Kudos