August 1, 2021

USEFUL-IT

A blog for USEFUL-IT information

[PS] How to validate VMWare ESX Certificates

The connection between vCenter and the ESXHost is established and maintained by certificates.

You as an administrator would like to know when you certificates expire.

So I wrote a small function that can help get the certificate used from the hosts that are connected to your vcenter.

Function Get-ESXHostCertificateInfo {
[cmdletbinding ()]
param (
[Parameter(Mandatory=$true)]
[VMware.Vim.HostSystem]$HostData)

    $Certificate = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
    $Certificate.Import($HostData.config.certificate)
    $Certificate.FriendlyName = $HostData.name

    [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
}

The input for this function is a [VMware.Vim.HostSystem] object this is generated with the standard VMware command

Get-view -ViewType HostSystem -Server <vCenterServer>

When the Function is loaded you can use the following small script to get the data out of your vcenter or vcenters.

$vCenters = @('vCenter1','vCenter2')
[pscredential]$Cred = Get-Credential

Connect-VIServer -Server $vCenters -Credential $Cred

$ESXhosts = Get-View -ViewType HostSystem -Property Name,Config.Certificate
$data = $ESXhosts | ForEach-Object {
    Write-verbose "Processing $($_.name)" -verbose

    Get-ESXHostCertificateInfo $_ } | Select Friendlyname, ThumbPrint, NotAfter

In my Lab this is generating the following output

FriendlyName           Thumbprint                               NotAfter           
------------           ----------                               --------           
esxi65-03.usefullab.nl EE63C6F70B193813454881377F76D23AFCCCD14E 11/08/2023 12:11:42
esxi65-02.usefullab.nl E136C5D12CC38E2D6C97E6D044F46DA0EC03A332 11/08/2023 15:32:22
esxi65-04.usefullab.nl 04C3011BE2DD409190B3A483951E6E40B19FCFF6 24/08/2023 11:54:37
esxi65-01.usefullab.nl 75059A809EA27EF0F7C91C7F6CD297D886D952E0 09/08/2023 05:46:00