Listing certificate expiry dates on Vcenter appliance
VMWare
(certificates)
Monday, 13 July 2020
by paul
VMware vCenter Appliances uses a number of certificates. The following process can be used to check the certificate store and list all certificates and their expiry date.
- SSH to vCenter Appliance as root
- Enter "SHELL" to start bash shell
- Enter "for i in $(/usr/lib/vmware-vmafd/bin/vecs-cli store list); do echo STORE $i; /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store $i --text | egrep "Alias|Subject:|Not After"; done"
- Output is displayed:
STORE MACHINE_SSL_CERT
Alias : __MACHINE_CERT
Not After : Jun 26 16:18:27 2022 GMT
Subject: C=UK, ST=California, L=Palo Alto, O=Company Ltd, OU=VMware Engineering, CN=vcenterapp01.sphere.local
STORE TRUSTED_ROOTS
Alias : 0a3e7d71b8e1b1596f52cb3546bfb332b5b45393
Not After : Jul 4 11:12:39 2028 GMT
Subject: CN=CA, DC=vsphere, DC=local, C=US, ST=California, O=vcenterapp01.sphere.local, OU=VMware Engineering
Alias : 52dd8ea3112d50bdf34a86e0d663b90408c62685
Not After : Nov 21 09:58:50 2024 GMT
Subject: DC=local, DC=company, CN=Company CA
Alias : 3346d1d1e0c2489ca6b5c71e7ffdb4f468cad4a3
Not After : Jul 5 18:26:37 2030 GMT
Subject: CN=vcenterapp01.vsphere.local, DC=vsphere, DC=local, C=UK, ST=California, O=vcenterapp01.vsphere.local, OU=VMware Engineering
STORE TRUSTED_ROOT_CRLS
Alias : d88231de84f4be24edbe1b2c155757e943fdf9ea
Alias : 0f1eb8fe5c431c6eafe6b1debfaa2c7ffa20de0d
STORE machine
Alias : machine
Not After : Jul 5 18:26:37 2030 GMT
Subject: CN=machine-32ee2d39-152d-442f-bf31-3d19fb35c19d, C=UK, ST=California, L=Palo Alto, O=Company Ltd, OU=VMware Engineering
STORE vsphere-webclient
Alias : vsphere-webclient
Not After : Jul 5 18:26:37 2030 GMT
Subject: CN=vsphere-webclient-32ee2d39-152d-442f-bf31-3d19fb35c19d, C=UK, ST=California, L=Palo Alto, O=Company Ltd, OU=VMware Engineering
STORE vpxd
Alias : vpxd
Not After : Jul 5 18:26:37 2030 GMT
Subject: CN=vpxd-32ee2d39-152d-442f-bf31-3d19fb35c19d, C=UK, ST=California, L=Palo Alto, O=Company Ltd, OU=VMware Engineering
STORE vpxd-extension
Alias : vpxd-extension
Not After : Jul 5 18:26:37 2030 GMT
Subject: CN=vpxd-extension-32ee2d39-152d-442f-bf31-3d19f6n5c19d, C=UK, ST=California, L=Palo Alto, O=Company Ltd, OU=VMware Engineering
STORE SMS
Alias : sms_self_signed
Not After : Jul 10 11:20:36 2028 GMT
Subject: O=VMware, CN=SMS-180729112031876
STORE APPLMGMT_PASSWORD
Alias : location_password_default
STORE data-encipherment
Alias : data-encipherment
Not After : Jul 4 11:12:39 2028 GMT
Subject: CN=data-encipherment, DC=vsphere, DC=local, C=US, OU=mID-32ee2d39-152d-442f-bf31-3d19fb35c19d
STORE BACKUP_STORE
Alias : bkp___MACHINE_CERT
Not After : Jul 5 18:26:37 2030 GMT
Subject: CN=vcenterapp01.vsphere.local, C=UK, ST=California, L=Palo Alto, O=Company Ltd, OU=VMware Engineering
Alias : bkp_machine
Not After : Jul 5 18:26:37 2030 GMT
Subject: CN=machine-32ee2d39-152d-442f-bf31-3d19fb35c19d, C=UK, ST=California, L=Palo Alto, O=Company Ltd, OU=VMware Engineering
Alias : bkp_vsphere-webclient
Not After : Jul 5 18:26:37 2030 GMT
Subject: CN=vsphere-webclient-32ee2d39-152d-442f-bf31-3d19fb35c19d, C=UK, ST=California, L=Palo Alto, O=Company Ltd, OU=VMware Engineering
Alias : bkp_vpxd
Not After : Jul 5 18:26:37 2030 GMT
Subject: CN=vpxd-32ee2d39-152d-442f-bf31-3d19fb35c19d, C=UK, ST=California, L=Palo Alto, O=Company Ltd, OU=VMware Engineering
Alias : bkp_vpxd-extension
Not After : Jul 5 18:26:37 2030 GMT
Subject: CN=vpxd-extension-32ee2d39-152d-442f-bf31-3d19ced35c19d, C=UK, ST=California, L=Palo Alto, O=Company Ltd, OU=VMware Engineering
Inspect all the "Not After" date. If any certificates are about to expire then the certificate manager can be used to generate a new certificate.
|