Open ratelutz opened 3 years ago
I think the original purpose of the section is to display information about the local vcenter certificate authority and not the machine certificate which is tied to the management port tcp/443.
In any case since PowerCLI 12.4 version there is the "Get-VIMachineCertificate" cmdlet that allows to extract information about the machine certificate.
PS /home/rebelinux> Get-VIMachineCertificate -VCenterOnly | Format-List
Entity : 192.168.5.2
EntityType : VCenter
Subject : vcenter-01v
Issuer : pharmax-SERVER-DC-01V-CA
SerialNumber : 610000000F09F5BD4AB10CE02F00000000000F
NotValidBefore : 1/25/2020 9:42:08 PM
NotValidAfter : 1/24/2022 9:42:08 PM
CertificatePEM : -----BEGIN CERTIFICATE-----
MIIFxTCCBK2gAwIBAgITYQAAAA8J9b1KsQzgLwAAAAAADzANBgkqhkiG9w0BAQsFADBTMRUwEwYK
CZImiZPyLGQBGRYFbG9jYWwxFzAVBgoJkiaJk/IsZAEZFgdwaGFybWF4MSEwHwYDVQQDExhwaGFy
bWF4LVNFUlZFUi1EQy0wMVYtQ0EwHhcNMjAwMTI2MDE0MjA4WhcNMjIwMTI1MDE0MjA4WjBkMQsw
CQYDVQQGEwJQUjEQMA4GA1UECBMHU2FsaW5hczEOMAwGA1UEBxMFUGxlbmExEDAOBgNVBAoTB1BI
QVJNQVgxCzAJBgNVBAsTAklUMRQwEgYDVQQDEwt2Y2VudGVyLTAxdjCCASIwDQYJKoZIhvcNAQEB
BQADggEPADCCAQoCggEBAMP6N7hGWQJFtoNqnsQZptfu521qV0M3M7GF/kDsh0V6pKAg0Em4BfXS
tVGUabDBUYMyqHDIkZIRQCRjbeowPB19eCREbNlqj5ETxRaHn09tA9IAuuPz2y6CJU04P/pnOnHJ
BlyFW9h4qhvOprStZS+jGjToDI1vlrPxATLbQFE7NW0+rZa+8S61xlESomuaRWxd8fURGWtXDpsZ
pHkI0L6blpX2nqGKNrwU0jphJHf9tnAF0zvNb1EsCV8GupwyGHDeT9AT3TPcSmPFzJdGv/ucVQ3+
xgljNeRaav3qVSgi1IWoOY/LChGm+1F83QF4WYqMkOzoK6+zVd6Rqh3ot7cCAwEAAaOCAn8wggJ7
MB0GA1UdDgQWBBTF22M+2mCf/wQeU8Burazju0GGcTBBBgNVHREEOjA4gRVqb2NvbG9uQHBoYXJt
YXgubG9jYWyHBMCoBQKCGXZjZW50ZXItMDF2LnBoYXJtYXgubG9jYWwwHwYDVR0jBBgwFoAUl6De
6v2+zu0320B298G5ucoRs8swgd4GA1UdHwSB1jCB0zCB0KCBzaCByoaBx2xkYXA6Ly8vQ049cGhh
cm1heC1TRVJWRVItREMtMDFWLUNBLENOPVNlcnZlci1EQy0wMVYsQ049Q0RQLENOPVB1YmxpYyUy
MEtleSUyMFNlcnZpY2VzLENOPVNlcnZpY2VzLENOPUNvbmZpZ3VyYXRpb24sREM9cGhhcm1heCxE
Qz1sb2NhbD9jZXJ0aWZpY2F0ZVJldm9jYXRpb25MaXN0P2Jhc2U/b2JqZWN0Q2xhc3M9Y1JMRGlz
dHJpYnV0aW9uUG9pbnQwgcwGCCsGAQUFBwEBBIG/MIG8MIG5BggrBgEFBQcwAoaBrGxkYXA6Ly8v
Q049cGhhcm1heC1TRVJWRVItREMtMDFWLUNBLENOPUFJQSxDTj1QdWJsaWMlMjBLZXklMjBTZXJ2
aWNlcyxDTj1TZXJ2aWNlcyxDTj1Db25maWd1cmF0aW9uLERDPXBoYXJtYXgsREM9bG9jYWw/Y0FD
ZXJ0aWZpY2F0ZT9iYXNlP29iamVjdENsYXNzPWNlcnRpZmljYXRpb25BdXRob3JpdHkwIQYJKwYB
BAGCNxQCBBQeEgBXAGUAYgBTAGUAcgB2AGUAcjAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYI
KwYBBQUHAwEwDQYJKoZIhvcNAQELBQADggEBAA87p0OOwldVXQJHrCd9tCWhbJ1bD+RBwHS1F774
85HmPVU7ff6TyepLI4mauAtd1zpco0gKJAXa280TxtXxdhcuE0mgjqQ9K3ozb+9gEsFYX03qExWU
oO6XZVtBRSVIg3fdXaEq9Rve9bKv/P01tDYPP2QjQggPGnwQ5fvZGXm62d3ty65/0+qQOBl6eK1E
+39Axn5DBnuxeCtuOKJ00ak9k51wAEIBqG0DlRqPsKc9ci161dNQOOqWb3hv6sB+xpzKFAfywvSG
AHK+z1lrBl/S98HKY6HXF/jur/yQvlKgLYeFNxITNSagm+tn7XziWysfosrlVPYrYRRHwLWe7sY=
-----END CERTIFICATE-----
Certificate : [Subject]
CN=vcenter-01v, OU=IT, O=PHARMAX, L=Plena, S=Salinas, C=PR
[Issuer]
CN=pharmax-SERVER-DC-01V-CA, DC=pharmax, DC=local
[Serial Number]
610000000F09F5BD4AB10CE02F00000000000F
[Not Before]
1/25/2020 9:42:08 PM
[Not After]
1/24/2022 9:42:08 PM
[Thumbprint]
55AF066DE0A066270D99DD9AFB1993D10B7745FD
PS /home/rebelinux>
Regards,
Jon
Hi Jon and others,
instead of relying on a newer PowerCLI version I'd like to bring up the idea to use the longer available PowerShell integrated Net.HttpWebRequest
and query the vCenter by either DNS or IP (whatever was submitted when generating the report).
I'm by far not an expert, yet I wrote a relatively simple script once to query SSL certificates like this and it works most reliably to this day.
Regards
Describe the bug In our environment we have Certificates Signed by our PKI in place but the report shows the default VMware certificate
To Reproduce Running a VMware vSphere as built report against a VMware.vSphere
vCenter InfoLevel is 3 or higher Host InfoLevel is 2 or higher Cluster InfoLevel is 3 or higher