Fixcerts script accepts some additional arguments for the default VMCA certificate replacement, following are some examples :
Replace ONLY EXPIRED Certificates
- python fixcerts_3_1.py replace --certType expired_only
- python fixcerts_3_1.py replace --certType expired_only --serviceRestart True [To restart all the services automatically post certificate replacement]
- python fixcerts_3_1.py replace --certType expired_only --additionalSAN fqdn1,fqdn2 [if multiple hostnames are required in SAN, provide comma separated values for multiple FQDNs]
- python fixcerts_3_1.py replace --certType expired_only --silent True --password "<sso admin password>" --serviceRestart True|False [for silent replacement without any user inputs]
- python fixcerts_3_1.py replace --certType expired_only --validityDays <number between 1 to 3650> [To Customize the certificate validity, by default VMCA signs certificate with 2 year validity]
- python fixcerts_3_1.py replace --certType expired_only --keySize <2048/3072/4096> [To Customize the Key Length, by default VMCA signs certificate with 2048 as key size]
Replace all the Certificates on vCenter Server
- python fixcerts_3_1.py replace --certType all
- python fixcerts_3_1.py replace --certType all --serviceRestart True [To restart all the services automatically post certificate replacement]
- python fixcerts_3_1.py replace --certType all --additionalSAN fqdn1,fqdn2 [if multiple hostnames are required in SAN, provide comma separated values for multiple FQDNs]
- python fixcerts_3_1.py replace --certType all --silent True --password "<sso admin password>" --serviceRestart True|False [for silent replacement without any user inputs]
- python fixcerts_3_1.py replace --certType all --validityDays <number between 1 to 3650> [To Customize the certificate validity, by default VMCA signs certificate with 2 year validity. Please note, the VMCA Root Certificate will have the default 10 years validity and the default Key Size which cannot be Customized]
- python fixcerts_3_1.py replace --certType all --keySize <2048/3072/4096> [To Customize the Key Length, by default VMCA signs certificate with 2048 as key size]
Replace VMCA Root Certificate and all other Certificates
- python fixcerts_3_1.py replace --certType root
- python fixcerts_3_1.py replace --certType root --serviceRestart True [To restart all the services automatically post certificate replacement]
- python fixcerts_3_1.py replace --certType root --silent True --password "<sso admin password>" --serviceRestart True|False [for silent replacement without any user inputs]
Replace MACHINE_SSL_CERT Certificate
- python fixcerts_3_1.py replace --certType machinessl
- python fixcerts_3_1.py replace --certType machinessl --serviceRestart True [To restart all the services automatically post certificate replacement]
- python fixcerts_3_1.py replace --certType machinessl --additionalSAN fqdn1,fqdn2 [if multiple hostnames are required in SAN, provide comma separated values for multiple FQDNs]
- python fixcerts_3_1.py replace --certType machinessl --silent True --password "<sso admin password>" --serviceRestart True|False [for silent replacement without any user inputs]
- python fixcerts_3_1.py replace --certType machinessl --validityDays <number between 1 to 3650> [To Customize the certificate validity, by default VMCA signs certificate with 2 year validity]
- python fixcerts_3_1.py replace --certType machinessl --keySize <2048/3072/4096> [To Customize the Key Length, by default VMCA signs certificate with 2048 as key size]
Replace STS (Signing Certificate) Certificate
- python fixcerts_3_1.py replace --certType sts
- python fixcerts_3_1.py replace --certType sts --serviceRestart True [To restart all the services automatically post certificate replacement]
- python fixcerts_3_1.py replace --certType sts --silent True --password "<sso admin password>" --serviceRestart True|False [for silent replacement without any user inputs]
- python fixcerts_3_1.py replace --certType sts --validityDays <number between 1 to 3650> [To Customize the certificate validity, by default VMCA signs certificate with 2 year validity]
- python fixcerts_3_1.py replace --certType sts --keySize <2048/3072/4096> [To Customize the Key Length, by default VMCA signs certificate with 2048 as key size]
Replace Solution User Certificates
- python fixcerts_3_1.py replace --certType solutionusers
-
- python fixcerts_3_1.py replace --certType solutionusers --serviceRestart True [To restart all the services automatically post certificate replacement]
- python fixcerts_3_1.py replace --certType solutionusers --silent True --password "<sso admin password>" --serviceRestart True|False [for silent replacement without any user inputs]
- python fixcerts_3_1.py replace --certType solutionusers --validityDays <number between 1 to 3650> [To Customize the certificate validity, by default VMCA signs certificate with 2 year validity]
- python fixcerts_3_1.py replace --certType solutionusers --keySize <2048/3072/4096> [To Customize the Key Length, by default VMCA signs certificate with 2048 as key size]
Replace data-encipherment Certificate
- python fixcerts_3_1.py replace --certType data-encipherment
- python fixcerts_3_1.py replace --certType data-encipherment --serviceRestart True [To restart all the services automatically post certificate replacement]
- python fixcerts_3_1.py replace --certType data-encipherment --silent True --password "<sso admin password>" --serviceRestart True|False [for silent replacement without any user inputs]
- python fixcerts_3_1.py replace --certType data-encipherment --force_encipherment_replace True|False [by default script will replace the data-enciphement cert only if it is expired, use the force switch if you want to override]
Replace LookupService Certificate if a STS_INTERNAL_SSL_CERT store is available
- python fixcerts_3_1.py replace --certType lookupservice
- python fixcerts_3_1.py replace --certType lookupservice --serviceRestart True [To restart all the services automatically post certificate replacement]
- python fixcerts_3_1.py replace --certType lookupservice --additionalSAN fqdn1,fqdn2 [if multiple hostnames are required in SAN, provide comma separated values for multiple FQDNs]
- python fixcerts_3_1.py replace --certType lookupservice --silent True --password "<sso admin password>" --serviceRestart True|False [for silent replacement without any user inputs]
- python fixcerts_3_1.py replace --certType lookupservice --validityDays <number between 1 to 3650> [To Customize the certificate validity, by default VMCA signs certificate with 2 year validity]
- python fixcerts_3_1.py replace --certType lookupservice --keySize <2048/3072/4096> [To Customize the Key Length, by default VMCA signs certificate with 2048 as key size]
Replace expired Certificates from SMS store
- python fixcerts_3_1.py replace --certType sms
- python fixcerts_3_1.py replace --certType sms --serviceRestart True [To restart all the services automatically post certificate replacement]
Remove Non-CA Certificates from TRUSTED_ROOTS store, if any
- python fixcerts_3_1.py remove --storeType trusted_roots --certType non-ca
- python fixcerts_3_1.py remove --storeType trusted_roots --certType non-ca --serviceRestart True [To restart all the services automatically post certificate replacement]
Remove expired Certificates from TRUSTED_ROOTS store, if any
- python fixcerts_3_1.py remove --storeType trusted_roots --certType expired
- python fixcerts_3_1.py remove --storeType trusted_roots --certType expired --serviceRestart True [To restart all the services automatically post certificate replacement]
Update Thumbprint for VPXD Extensions (eam, rbd & imagebuilder)
- python fixcerts_3_1.py update --ExtensionType all (to update thumbprint of all three extensions - eam, rbd & imagebuilder)
- python fixcerts_3_1.py update --ExtensionType eam (to update thumbprint of only eam extension)
- python fixcerts_3_1.py update --ExtensionType rbd (to update thumbprint of only rbd extension)
- python fixcerts_3_1.py update --ExtensionType imagebuilder (to update thumbprint of only imagebuilder extension)
The link below provides additional interfaces for managing vCenter Server Certificates.