Vcsa: Difference between revisions
Jump to navigation
Jump to search
Line 100: | Line 100: | ||
===Remove certificate from backup store=== | ===Remove certificate from backup store=== | ||
<pre>/usr/lib/vmware-vmafd/bin/vecs-cli entry delete --store BACKUP_STORE --alias ALIAS -y</pre> | <pre>/usr/lib/vmware-vmafd/bin/vecs-cli entry delete --store BACKUP_STORE --alias ALIAS -y</pre> | ||
Example output: | |||
<pre style="color: silver; background: black; width: 800px"> | |||
root@vcsa01 [ ~ ]# /usr/lib/vmware-vmafd/bin/vecs-cli entry delete --store BACKUP_STORE --alias bkp___MACHINE_CERT -y | |||
Certificate removed successfully | |||
root@vcsa01 [ ~ ]# | |||
</pre> |
Revision as of 09:41, 27 July 2021
Certificates
Checking certificates
for i in $(/usr/lib/vmware-vmafd/bin/vecs-cli store list); do echo $i; /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store $i --text | grep -i "not after"; done;
Example output:
root@vcsa01 [ ~ ]# for i in $(/usr/lib/vmware-vmafd/bin/vecs-cli store list); do echo $i; /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store $i --text | grep -i "not after"; done; MACHINE_SSL_CERT Not After : Jul 22 07:41:47 2025 GMT TRUSTED_ROOTS Not After : Jun 13 13:59:42 2030 GMT Not After : Mar 31 02:05:40 2027 GMT Not After : Mar 30 16:26:07 2027 GMT Not After : Mar 31 09:33:20 2027 GMT Not After : Apr 1 16:27:47 2027 GMT Not After : Jun 23 15:59:12 2026 GMT Not After : Jun 23 13:52:04 2026 GMT Not After : Aug 19 13:31:53 2027 GMT Not After : Sep 3 08:10:32 2029 GMT Not After : Sep 11 07:13:12 2029 GMT Not After : Apr 11 21:41:42 2030 GMT Not After : May 21 19:53:38 2030 GMT Not After : Jun 6 14:07:23 2030 GMT Not After : Jun 14 12:23:24 2030 GMT Not After : Jun 15 16:28:34 2030 GMT Not After : Jun 17 08:57:47 2030 GMT Not After : Jun 17 09:35:44 2030 GMT Not After : Jun 17 10:03:29 2030 GMT Not After : Jun 17 18:13:05 2030 GMT Not After : Nov 22 22:33:58 2026 GMT Not After : Nov 15 23:16:40 2036 GMT Not After : Dec 7 17:55:54 2030 GMT TRUSTED_ROOT_CRLS machine Not After : Jul 27 08:28:24 2023 GMT vsphere-webclient Not After : Jul 27 08:28:25 2023 GMT vpxd Not After : Jul 27 08:28:25 2023 GMT vpxd-extension Not After : Jul 27 08:28:26 2023 GMT SMS Not After : Jul 24 14:35:30 2029 GMT APPLMGMT_PASSWORD data-encipherment Not After : Aug 19 13:31:53 2027 GMT BACKUP_STORE Not After : Jul 22 07:41:47 2025 GMT root@vcsa01 [ ~ ]# ~
Certificate manager
/usr/lib/vmware-vmca/bin/certificate-manager
Example output:
root@vcsa01 [ ~ ]# /usr/lib/vmware-vmca/bin/certificate-manager _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | | | *** Welcome to the vSphere 6.7 Certificate Manager *** | | | | -- Select Operation -- | | | | 1. Replace Machine SSL certificate with Custom Certificate | | | | 2. Replace VMCA Root certificate with Custom Signing | | Certificate and replace all Certificates | | | | 3. Replace Machine SSL certificate with VMCA Certificate | | | | 4. Regenerate a new VMCA Root Certificate and | | replace all certificates | | | | 5. Replace Solution user certificates with | | Custom Certificate | | | | 6. Replace Solution user certificates with VMCA certificates | | | | 7. Revert last performed operation by re-publishing old | | certificates | | | | 8. Reset all Certificates | |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _| Note : Use Ctrl-D to exit. Option[1 to 8]:
Get certificate alias' from backup store
/usr/lib/vmware-vmafd/bin/vecs-cli entry list --store BACKUP_STORE --text
Example output:
root@vcsa01 [ ~ ]# /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store BACKUP_STORE --text Number of entries in store : 1 Alias : bkp___MACHINE_CERT Entry type : Private Key
Remove certificate from backup store
/usr/lib/vmware-vmafd/bin/vecs-cli entry delete --store BACKUP_STORE --alias ALIAS -y
Example output:
root@vcsa01 [ ~ ]# /usr/lib/vmware-vmafd/bin/vecs-cli entry delete --store BACKUP_STORE --alias bkp___MACHINE_CERT -y Certificate removed successfully root@vcsa01 [ ~ ]#