0

I have some expired cert. in VCSA, any idea how can I check them via curl ? Is it possible ? I think that I can check externaly only machine cert, right ? I would like to monitor it externaly.

cert output>
# for store in $(/usr/lib/vmware-vmafd/bin/vecs-cli store list | grep -v TRUSTED_ROOT_CRLS); do echo "[*] Store :" $store; /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store $store --text | grep -ie "Alias" -ie "Not After";done;
[*] Store : MACHINE_SSL_CERT
Alias : __MACHINE_CERT
            Not After : Oct 13 08:01:02 2025 GMT
[*] Store : TRUSTED_ROOTS
Alias : 4a870d0c4b5cb4bd5048b071cd30382666a32e21
            Not After : Nov 22 15:04:03 2028 GMT
Alias : 54c2aa2dfd9718d7692c18311fd44d0551d78651
            Not After : Nov  7 12:50:21 2031 GMT
[*] Store : machine
Alias : machine
            Not After : Nov 12 12:42:09 2023 GMT
[*] Store : vsphere-webclient
Alias : vsphere-webclient
            Not After : Nov 12 12:42:10 2023 GMT
[*] Store : vpxd
Alias : vpxd
            Not After : Nov 12 12:42:10 2023 GMT
[*] Store : vpxd-extension
Alias : vpxd-extension
            Not After : Nov 12 12:42:11 2023 GMT
[*] Store : SMS

my script

openssl s_client -servername <FQDN> -connect <FQDN>:443 2>/dev/null | openssl x509 -noout -dates
Improve this question
2
  • Have you logged a case with vmw?
    – Chopper3
    yesterday
  • not yet, I am asking in general. If these are some internal certificates not exposed via http then I believe it is not possible.
    – andrew
    yesterday

0

Reset to default

You must log in to answer this question.

Browse other questions tagged .