Vcsa
Jump to navigation
Jump to search
Certificates
Checking certificates
for i in $(/usr/lib/vmware-vmafd/bin/vecs-cli store list); do echo $i; /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store $i --text | grep -i "not after"; done;
Example output:
root@vcsa01 [ ~ ]# for i in $(/usr/lib/vmware-vmafd/bin/vecs-cli store list); do echo $i; /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store $i --text | grep -i "not after"; done;
MACHINE_SSL_CERT
Not After : Jul 22 07:41:47 2025 GMT
TRUSTED_ROOTS
Not After : Jun 13 13:59:42 2030 GMT
Not After : Mar 31 02:05:40 2027 GMT
Not After : Mar 30 16:26:07 2027 GMT
Not After : Mar 31 09:33:20 2027 GMT
Not After : Apr 1 16:27:47 2027 GMT
Not After : Jun 23 15:59:12 2026 GMT
Not After : Jun 23 13:52:04 2026 GMT
Not After : Aug 19 13:31:53 2027 GMT
Not After : Sep 3 08:10:32 2029 GMT
Not After : Sep 11 07:13:12 2029 GMT
Not After : Apr 11 21:41:42 2030 GMT
Not After : May 21 19:53:38 2030 GMT
Not After : Jun 6 14:07:23 2030 GMT
Not After : Jun 14 12:23:24 2030 GMT
Not After : Jun 15 16:28:34 2030 GMT
Not After : Jun 17 08:57:47 2030 GMT
Not After : Jun 17 09:35:44 2030 GMT
Not After : Jun 17 10:03:29 2030 GMT
Not After : Jun 17 18:13:05 2030 GMT
Not After : Nov 22 22:33:58 2026 GMT
Not After : Nov 15 23:16:40 2036 GMT
Not After : Dec 7 17:55:54 2030 GMT
TRUSTED_ROOT_CRLS
machine
Not After : Jul 27 08:28:24 2023 GMT
vsphere-webclient
Not After : Jul 27 08:28:25 2023 GMT
vpxd
Not After : Jul 27 08:28:25 2023 GMT
vpxd-extension
Not After : Jul 27 08:28:26 2023 GMT
SMS
Not After : Jul 24 14:35:30 2029 GMT
APPLMGMT_PASSWORD
data-encipherment
Not After : Aug 19 13:31:53 2027 GMT
BACKUP_STORE
Not After : Jul 22 07:41:47 2025 GMT
root@vcsa01 [ ~ ]# ~
Certificate manager
/usr/lib/vmware-vmca/bin/certificate-manager
Example output:
root@vcsa01 [ ~ ]# /usr/lib/vmware-vmca/bin/certificate-manager
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
| |
| *** Welcome to the vSphere 6.7 Certificate Manager *** |
| |
| -- Select Operation -- |
| |
| 1. Replace Machine SSL certificate with Custom Certificate |
| |
| 2. Replace VMCA Root certificate with Custom Signing |
| Certificate and replace all Certificates |
| |
| 3. Replace Machine SSL certificate with VMCA Certificate |
| |
| 4. Regenerate a new VMCA Root Certificate and |
| replace all certificates |
| |
| 5. Replace Solution user certificates with |
| Custom Certificate |
| |
| 6. Replace Solution user certificates with VMCA certificates |
| |
| 7. Revert last performed operation by re-publishing old |
| certificates |
| |
| 8. Reset all Certificates |
|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|
Note : Use Ctrl-D to exit.
Option[1 to 8]:
Get certificate alias' from backup store
/usr/lib/vmware-vmafd/bin/vecs-cli entry list --store BACKUP_STORE --text
Example output:
root@vcsa01 [ ~ ]# /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store BACKUP_STORE --text Number of entries in store : 1 Alias : bkp___MACHINE_CERT Entry type : Private Key
Remove certificate from backup store
/usr/lib/vmware-vmafd/bin/vecs-cli entry delete --store BACKUP_STORE --alias ALIAS -y
Example output:
root@vcsa01 [ ~ ]# /usr/lib/vmware-vmafd/bin/vecs-cli entry delete --store BACKUP_STORE --alias bkp___MACHINE_CERT -y Certificate removed successfully root@vcsa01 [ ~ ]#
<comments />