我在 VCSA 中有一些过期的证书,知道如何通过 curl 检查它们吗?可以吗?我想我只能在外部检查机器证书,对吗?我想在外部监控它。
cert output>
# for store in $(/usr/lib/vmware-vmafd/bin/vecs-cli store list | grep -v TRUSTED_ROOT_CRLS); do echo "[*] Store :" $store; /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store $store --text | grep -ie "Alias" -ie "Not After";done;
[*] Store : MACHINE_SSL_CERT
Alias : __MACHINE_CERT
Not After : Oct 13 08:01:02 2025 GMT
[*] Store : TRUSTED_ROOTS
Alias : 4a870d0c4b5cb4bd5048b071cd30382666a32e21
Not After : Nov 22 15:04:03 2028 GMT
Alias : 54c2aa2dfd9718d7692c18311fd44d0551d78651
Not After : Nov 7 12:50:21 2031 GMT
[*] Store : machine
Alias : machine
Not After : Nov 12 12:42:09 2023 GMT
[*] Store : vsphere-webclient
Alias : vsphere-webclient
Not After : Nov 12 12:42:10 2023 GMT
[*] Store : vpxd
Alias : vpxd
Not After : Nov 12 12:42:10 2023 GMT
[*] Store : vpxd-extension
Alias : vpxd-extension
Not After : Nov 12 12:42:11 2023 GMT
[*] Store : SMS
我的脚本
openssl s_client -servername <FQDN> -connect <FQDN>:443 2>/dev/null | openssl x509 -noout -dates