Author: Mark McGill, VMware

        Last Edit: 5/6/2022

        Version 1.4


        Returns vCenter certificate information for all VCSA certificates, and optionally returns host certs


        Returns valid from and valid to dates for all VCSA certificates, including STS Signing Certs.


        vCenter and user are required. If no password is specified, you will be prompted for one

        USER MUST BE A VCENTER LOCAL USER (ie, administrator@vsphere.local), AND MUST BE IN SPN FORMAT (ie,

    .PARAMETER vcenters


        A single vCenter or array of vCenters to query

    .PARAMETER user


        vSphere local domain user in SPN format (ie, administrator@vsphere.local). Local user is needed in order to query LDAP

    .PARAMETER password

        If you do not specify a password when calling the function, you will be prompted for it

    .PARAMETER includeHosts

        Using this flag will retrieve certs from each host associated with the vCenter(s)

    .PARAMETER all

        Using this flag will return "STSRelyingParty" and "STSTenantTrustedCertificateChain" certificates, which are normally duplicates of already reported certificates


        #load function and run

        . ./Get-VCSACerts.ps1

        Get-VCSACerts -vcenter "" -user "administrator@vsphere.local" -password 'VMware1!'


        #uses an array to pass multiple vcenters to the function

        $vCenters = "","",""

        $vCenters | Get-VCSACerts -user "administrator@vsphere.local" -password 'VMware1!'


        #use the '-includeHosts' option to get all host certificates (no -password is given, so you are prompted for it)

        Get-VCSACerts -vcenter "" -user "administrator@vsphere.local" -includeHosts


        #use the '-all' option to include "STSRelyingParty" and "STSTenantTrustedCertificateChain" certificates

        Get-VCSACerts -vcenter "" -user "administrator@vsphere.local" -all


        #use the '-Verbose' option to show connection and retrieval details

        Get-VCSACerts -vcenter "" -user "administrator@vsphere.local" -Verbose


        Array of objects containing certificate data

Comments 1

6498523078 1 year ago
Great script.

Just a pity I only discovered this now :-)