Vcsa: Difference between revisions
No edit summary |
No edit summary |
||
(4 intermediate revisions by the same user not shown) | |||
Line 52: | Line 52: | ||
===Certificate manager=== | ===Certificate manager=== | ||
<pre>/usr/lib/vmware-vmca/bin/certificate-manager</pre> | <pre>/usr/lib/vmware-vmca/bin/certificate-manager</pre> | ||
Example output: | |||
<pre style="color: silver; background: black; width: 800px"> | |||
root@vcsa01 [ ~ ]# /usr/lib/vmware-vmca/bin/certificate-manager | |||
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | |||
| | | |||
| *** Welcome to the vSphere 6.7 Certificate Manager *** | | |||
| | | |||
| -- Select Operation -- | | |||
| | | |||
| 1. Replace Machine SSL certificate with Custom Certificate | | |||
| | | |||
| 2. Replace VMCA Root certificate with Custom Signing | | |||
| Certificate and replace all Certificates | | |||
| | | |||
| 3. Replace Machine SSL certificate with VMCA Certificate | | |||
| | | |||
| 4. Regenerate a new VMCA Root Certificate and | | |||
| replace all certificates | | |||
| | | |||
| 5. Replace Solution user certificates with | | |||
| Custom Certificate | | |||
| | | |||
| 6. Replace Solution user certificates with VMCA certificates | | |||
| | | |||
| 7. Revert last performed operation by re-publishing old | | |||
| certificates | | |||
| | | |||
| 8. Reset all Certificates | | |||
|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _| | |||
Note : Use Ctrl-D to exit. | |||
Option[1 to 8]: | |||
</pre> | |||
===Get certificate alias' from backup store=== | ===Get certificate alias' from backup store=== | ||
<pre>/usr/lib/vmware-vmafd/bin/vecs-cli entry list --store BACKUP_STORE --text</pre> | <pre>/usr/lib/vmware-vmafd/bin/vecs-cli entry list --store BACKUP_STORE --text</pre> | ||
Example output: | |||
<pre style="color: silver; background: black; width: 800px"> | |||
root@vcsa01 [ ~ ]# /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store BACKUP_STORE --text | |||
Number of entries in store : 1 | |||
Alias : bkp___MACHINE_CERT | |||
Entry type : Private Key | |||
</pre> | |||
===Remove certificate from backup store=== | ===Remove certificate from backup store=== | ||
<pre>/usr/lib/vmware-vmafd/bin/vecs-cli entry delete --store BACKUP_STORE --alias ALIAS -y</pre> | <pre>/usr/lib/vmware-vmafd/bin/vecs-cli entry delete --store BACKUP_STORE --alias ALIAS -y</pre> | ||
Example output: | |||
<pre style="color: silver; background: black; width: 800px"> | |||
root@vcsa01 [ ~ ]# /usr/lib/vmware-vmafd/bin/vecs-cli entry delete --store BACKUP_STORE --alias bkp___MACHINE_CERT -y | |||
Certificate removed successfully | |||
root@vcsa01 [ ~ ]# | |||
</pre> | |||
[[Category:vmware]] | |||
[[Category:vsphere]] | |||
[[Category:esxi]] | |||
[[Category:vcenter]] | |||
[[Category:VCSA]] | |||
<comments /> |
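Review bot: the added example under "Remove certificate from backup store" runs `vecs-cli entry delete ... -y` with no text around it, while the listing example just above it shows the entry type is Private Key, so a reader can copy a non-interactive delete of key material without being told when it is appropriate. Suggest adding a sentence before the command that says when removing the backup entry is warranted and that the alias should be taken from the `entry list --store BACKUP_STORE --text` output first. Smaller points: the three added `<pre style="color: silver; background: black; width: 800px">` blocks repeat the same inline style with a fixed width, which a shared class would keep consistent, and the heading "Get certificate alias'" carries a stray apostrophe.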
Latest revision as of 08:23, 20 March 2022
Certificates
Checking certificates
for i in $(/usr/lib/vmware-vmafd/bin/vecs-cli store list); do echo $i; /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store $i --text | grep -i "not after"; done;
Example output:
root@vcsa01 [ ~ ]# for i in $(/usr/lib/vmware-vmafd/bin/vecs-cli store list); do echo $i; /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store $i --text | grep -i "not after"; done;
MACHINE_SSL_CERT
Not After : Jul 22 07:41:47 2025 GMT
TRUSTED_ROOTS
Not After : Jun 13 13:59:42 2030 GMT
Not After : Mar 31 02:05:40 2027 GMT
Not After : Mar 30 16:26:07 2027 GMT
Not After : Mar 31 09:33:20 2027 GMT
Not After : Apr 1 16:27:47 2027 GMT
Not After : Jun 23 15:59:12 2026 GMT
Not After : Jun 23 13:52:04 2026 GMT
Not After : Aug 19 13:31:53 2027 GMT
Not After : Sep 3 08:10:32 2029 GMT
Not After : Sep 11 07:13:12 2029 GMT
Not After : Apr 11 21:41:42 2030 GMT
Not After : May 21 19:53:38 2030 GMT
Not After : Jun 6 14:07:23 2030 GMT
Not After : Jun 14 12:23:24 2030 GMT
Not After : Jun 15 16:28:34 2030 GMT
Not After : Jun 17 08:57:47 2030 GMT
Not After : Jun 17 09:35:44 2030 GMT
Not After : Jun 17 10:03:29 2030 GMT
Not After : Jun 17 18:13:05 2030 GMT
Not After : Nov 22 22:33:58 2026 GMT
Not After : Nov 15 23:16:40 2036 GMT
Not After : Dec 7 17:55:54 2030 GMT
TRUSTED_ROOT_CRLS
machine
Not After : Jul 27 08:28:24 2023 GMT
vsphere-webclient
Not After : Jul 27 08:28:25 2023 GMT
vpxd
Not After : Jul 27 08:28:25 2023 GMT
vpxd-extension
Not After : Jul 27 08:28:26 2023 GMT
SMS
Not After : Jul 24 14:35:30 2029 GMT
APPLMGMT_PASSWORD
data-encipherment
Not After : Aug 19 13:31:53 2027 GMT
BACKUP_STORE
Not After : Jul 22 07:41:47 2025 GMT
root@vcsa01 [ ~ ]# ~
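The one-liner above prints only the Not After lines, with no alias and no indication of which dates have already passed. The following is an added example, not part of the original wiki page: a shell function that reads `vecs-cli entry list --text` output and reports the aliases whose certificate expires on or before a cutoff. The function names are hypothetical and the sample input, including its aliases, is constructed.

```shell
#!/bin/sh
# expiring_before CUTOFF
# Reads `vecs-cli entry list --store STORE --text` output on stdin and prints
# "alias<TAB>Not After value" for each entry with Not After <= CUTOFF (YYYYMMDD).
expiring_before() {
  awk -v cutoff="$1" '
    BEGIN {
      n = split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", m, " ")
      for (i = 1; i <= n; i++) mon[m[i]] = i
    }
    # "Alias : bkp___MACHINE_CERT" starts a new entry; remember its alias.
    /^[ \t]*Alias[ \t]*:/ {
      sub(/^[ \t]*Alias[ \t]*:[ \t]*/, ""); alias = $0; next
    }
    # "Not After : Jul 22 07:41:47 2025 GMT" -> fields: Mon DD HH:MM:SS YYYY GMT
    /Not After[ \t]*:/ {
      sub(/^.*Not After[ \t]*:[ \t]*/, "")
      key = sprintf("%04d%02d%02d", $4, mon[$1], $2)
      if (key + 0 <= cutoff + 0) printf "%s\t%s\n", alias, $0
    }
  '
}

# scan_all_stores CUTOFF
# Same store loop as the one-liner on the page, with the store name prepended.
# Only works on an appliance where vecs-cli exists; not run by the demo below.
scan_all_stores() {
  vecs=/usr/lib/vmware-vmafd/bin/vecs-cli
  for store in $("$vecs" store list); do
    "$vecs" entry list --store "$store" --text | expiring_before "$1" |
      while IFS= read -r line; do printf '%s\t%s\n' "$store" "$line"; done
  done
}

# Constructed sample in the line shapes shown on the page (aliases are made up).
SAMPLE_TEXT='Number of entries in store : 2
Alias : sample-expired
Entry type : Private Key
            Not Before: Jul 27 08:28:24 2021 GMT
            Not After : Jul 27 08:28:24 2023 GMT
Alias : sample-valid
Entry type : Private Key
            Not Before: Jul 24 14:35:30 2019 GMT
            Not After : Jul 24 14:35:30 2029 GMT'

# Demo: entries already expired as of 2025-01-01.
printf '%s\n' "$SAMPLE_TEXT" | expiring_before 20250101
```

On the appliance, a cutoff 30 days ahead can be passed as `scan_all_stores "$(date -u -d '+30 days' +%Y%m%d)"`, which assumes GNU date.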
Certificate manager
/usr/lib/vmware-vmca/bin/certificate-manager
Example output:
root@vcsa01 [ ~ ]# /usr/lib/vmware-vmca/bin/certificate-manager
 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
|                                                                     |
|      *** Welcome to the vSphere 6.7 Certificate Manager ***         |
|                                                                     |
|                   -- Select Operation --                            |
|                                                                     |
|      1. Replace Machine SSL certificate with Custom Certificate     |
|                                                                     |
|      2. Replace VMCA Root certificate with Custom Signing           |
|         Certificate and replace all Certificates                    |
|                                                                     |
|      3. Replace Machine SSL certificate with VMCA Certificate       |
|                                                                     |
|      4. Regenerate a new VMCA Root Certificate and                  |
|         replace all certificates                                    |
|                                                                     |
|      5. Replace Solution user certificates with                     |
|         Custom Certificate                                          |
|                                                                     |
|      6. Replace Solution user certificates with VMCA certificates   |
|                                                                     |
|      7. Revert last performed operation by re-publishing old        |
|         certificates                                                |
|                                                                     |
|      8. Reset all Certificates                                      |
|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|
Note : Use Ctrl-D to exit.
Option[1 to 8]:
Get certificate aliases from backup store
/usr/lib/vmware-vmafd/bin/vecs-cli entry list --store BACKUP_STORE --text
Example output:
root@vcsa01 [ ~ ]# /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store BACKUP_STORE --text
Number of entries in store : 1
Alias : bkp___MACHINE_CERT
Entry type : Private Key
Remove certificate from backup store
/usr/lib/vmware-vmafd/bin/vecs-cli entry delete --store BACKUP_STORE --alias ALIAS -y
Example output:
root@vcsa01 [ ~ ]# /usr/lib/vmware-vmafd/bin/vecs-cli entry delete --store BACKUP_STORE --alias bkp___MACHINE_CERT -y
Certificate removed successfully
root@vcsa01 [ ~ ]#