Retrieves the vCenter Security Token Service (STS) signing certificate. Per KB79248 "If the vCenter Server was deployed as version 6.5 Update 2 or later, the Security Token Service (STS) signing certificate may have a two-year validity period. Depending on when vCenter was deployed, this may be approaching expiry."
This PowerShell script/function connects to the vCenter(s) specified, retrieves the STS signing certificates from the vCenter directory service (vmdir) over LDAP, and reports each certificate with its expiration date.
- Open a PowerShell command line and change to the directory you saved the script in.
- Use the command ". ./Get-STSCerts.ps1" (dot-sourcing) to load the function into the session.
- Run the command: Get-STSCerts -vcenters vcenter.domain.com -user email@example.com -password 'P@$$w0rd'
  - Put the password in single quotes. Unquoted, PowerShell treats "$$" and "$w0rd" as variables and passes the wrong value.
- If you don't specify the password, it will prompt you and mask it as you type.
- The user MUST be a local vSphere SSO account (the vsphere.local domain by default). It can't be from an external identity source like AD.
- The username has to be in UPN format (user@sso-domain), for example firstname.lastname@example.org; for the default SSO domain that is administrator@vsphere.local.
- For multiple vCenters, you can create an array of vCenters and pipe it to the function:
  - $vCenters = "vcenter1.domain.com","vcenter2.domain.com","vcenter3.domain.com"
  - $vCenters | Get-STSCerts -user email@example.com -password 'P@$$w0rd'
- For help, type "Get-Help Get-STSCerts" for examples and details.
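The steps above describe the script's usage; the following is an added example, not the project's own Get-STSCerts.ps1, showing how the same lookup is done directly against vmdir with System.DirectoryServices.Protocols so the result can be checked and post-processed. The function name Get-StsSigningCert is hypothetical, and it assumes the default SSO domain vsphere.local, whose STS credentials live under the tenant container given as BaseDn (adjust it for a custom SSO domain). It binds with the UPN, exactly as the script requires, and flags certificates inside a warning window.

```powershell
# Added example (not the project's Get-STSCerts.ps1). Requires Windows PowerShell 5.1+
# or PowerShell 7 on Windows for System.DirectoryServices.Protocols.
# Assumption: default SSO domain vsphere.local; BaseDn is the tenant container that
# holds the TenantCredential-N entries (STS signing cert plus its chain).
function Get-StsSigningCert {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)][string[]]$VCenter,
        [Parameter(Mandatory)][string]$User,   # UPN of a local SSO account, e.g. administrator@vsphere.local
        [string]$Password,                     # omit to be prompted with masked input
        [switch]$UseLdaps,                     # 636 + TLS; plain 389 sends the bind password in clear text
        [string]$BaseDn = 'cn=vsphere.local,cn=Tenants,cn=IdentityManager,cn=Services,dc=vsphere,dc=local',
        [int]$WarnDays = 90
    )
    begin {
        Add-Type -AssemblyName System.DirectoryServices.Protocols
        if ($Password) { $secure = ConvertTo-SecureString $Password -AsPlainText -Force }
        else           { $secure = Read-Host -Prompt "Password for $User" -AsSecureString }
        $cred = [System.Net.NetworkCredential]::new($User, $secure)
    }
    process {
        foreach ($vc in $VCenter) {
            $port = if ($UseLdaps) { 636 } else { 389 }
            $id   = [System.DirectoryServices.Protocols.LdapDirectoryIdentifier]::new($vc, $port)
            $conn = [System.DirectoryServices.Protocols.LdapConnection]::new(
                        $id, $cred, [System.DirectoryServices.Protocols.AuthType]::Basic)
            $conn.SessionOptions.ProtocolVersion = 3
            # LDAPS is verified against this host's trust store: import the vCenter
            # machine SSL cert or the VMCA root rather than disabling verification.
            if ($UseLdaps) { $conn.SessionOptions.SecureSocketLayer = $true }
            try {
                $conn.Bind()
                # Subtree search for every entry under the tenant that carries a certificate.
                $req  = [System.DirectoryServices.Protocols.SearchRequest]::new(
                            $BaseDn, '(userCertificate=*)',
                            [System.DirectoryServices.Protocols.SearchScope]::Subtree,
                            [string[]]@('userCertificate'))
                $resp = $conn.SendRequest($req)
                foreach ($entry in $resp.Entries) {
                    # An entry may hold several DER blobs: the signing cert and its issuer chain.
                    foreach ($der in $entry.Attributes['userCertificate'].GetValues([byte[]])) {
                        $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new([byte[]]$der)
                        $days = [int]($cert.NotAfter - (Get-Date)).TotalDays
                        if ($days -lt 0)               { $status = 'EXPIRED' }
                        elseif ($days -le $WarnDays)   { $status = 'EXPIRING' }
                        else                           { $status = 'OK' }
                        [pscustomobject]@{
                            vCenter    = $vc
                            Entry      = $entry.DistinguishedName
                            Subject    = $cert.Subject
                            NotAfter   = $cert.NotAfter
                            DaysLeft   = $days
                            Status     = $status
                            Thumbprint = $cert.Thumbprint
                        }
                    }
                }
            }
            catch   { Write-Error "${vc}: $($_.Exception.Message)" }
            finally { $conn.Dispose() }
        }
    }
}

# Usage: same pipeline shape as the script; the password is single-quoted so
# PowerShell does not expand $$ or $w0rd.
# 'vcenter1.domain.com','vcenter2.domain.com' |
#     Get-StsSigningCert -User administrator@vsphere.local -Password 'P@$$w0rd' -UseLdaps |
#     Where-Object Status -ne 'OK' |
#     Format-Table vCenter, Subject, NotAfter, DaysLeft, Status
```

The entries with the shortest DaysLeft are the ones to act on; a two-year validity on a 6.5 U2 or later deployment is exactly the case KB79248 describes. Run the query from an administrative host, or pass -UseLdaps, because a simple bind on port 389 carries the SSO administrator password unencrypted.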