Determining expired SSL certificates in vCenter Server
Article ID: 343041
Updated On:
Products
VMware vCenter Server
VMware vSphere ESXi
VMware vCenter Server 8.0
VMware vCenter Server 6.0
VMware vCenter Server 7.0
Issue/Introduction
This article provides steps to find expired vCenter Server certificates.
Environment
- VMware vSphere ESXi 6.5.x
- VMware vSphere ESXi 6.7.x
- VMware vSphere ESXi 7.x
- VMware vSphere ESXi 8.x
- VMware vSphere ESXi 9.x
Resolution
Checking the expiration date of vCenter Server certificates
Note: To check the STS certificate (Single Sign-on Token Signing), see Checking Expiration of STS Certificate on vCenter Server.
- For the vCenter appliance, SSH into the vCenter and run:
# for store in $(/usr/lib/vmware-vmafd/bin/vecs-cli store list | grep -v TRUSTED_ROOT_CRLS); do echo "[*] Store :" $store; /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store $store --text | grep -ie "Alias" -ie "Not After";done;
- For Windows vCenter using PowerShell:
$VCInstallHome = [System.Environment]::ExpandEnvironmentVariables("%VMWARE_CIS_HOME%");foreach ($STORE in & "$VCInstallHome\vmafdd\vecs-cli" store list){Write-host STORE: $STORE;& "$VCInstallHome\vmafdd\vecs-cli" entry list --store $STORE --text | findstr /C:"Alias" /C:"Not After"}
Check if the certificates are expired.
Additional Information
- Using ESXi Shell in ESXi 5.x, 6.x and 7.x
- CertificateStatusAlarm - There are certificate that expired or about to expire/Certificate Status Change Alarm Triggered on VMware vCenter Server
- View Certificate Expiration Information for ESXi Hosts
- Renew or Refresh ESXi Certificates
- Certificate Management for ESXi Hosts
Feedback
Yes
No
Powered by
