Update vCenter-SSL.ps1

This commit is contained in:
2025-11-19 22:10:42 -06:00
parent 9c6517930e
commit a523190bfb


@@ -130,6 +130,7 @@ if ($paCert) {
$needNewCert = $true $needNewCert = $true
} else { } else {
Write-Log INFO "Skipping issuance — certificate valid >$RenewalWindow days." Write-Log INFO "Skipping issuance — certificate valid >$RenewalWindow days."
$needNewCert = $false
} }
} else { } else {
Write-Log WARN "No existing cert found — issuance required." Write-Log WARN "No existing cert found — issuance required."
@@ -200,10 +201,11 @@ foreach ($f in @($certPath,$keyPath,$chainPath)) {
} }
} }
# ---------------------------- if ($needNewCert) {
# Add CA chain to trusted store (remove duplicates) # ----------------------------
# ---------------------------- # Add CA chain to trusted store (remove duplicates)
try { # ----------------------------
try {
Write-Log INFO "Cleaning old CA trust entries..." Write-Log INFO "Cleaning old CA trust entries..."
$issuer = ($paCert.Issuer) $issuer = ($paCert.Issuer)
$existingCA = Get-VITrustedCertificate | Where-Object { $_.Subject -eq $issuer } $existingCA = Get-VITrustedCertificate | Where-Object { $_.Subject -eq $issuer }
@@ -215,15 +217,15 @@ try {
Write-Log INFO "Adding CA chain to vCenter trust store..." Write-Log INFO "Adding CA chain to vCenter trust store..."
Add-VITrustedCertificate -PemCertificateOrChain $pemChain -VCenterOnly -Confirm:$false | Out-Null Add-VITrustedCertificate -PemCertificateOrChain $pemChain -VCenterOnly -Confirm:$false | Out-Null
} catch { } catch {
Write-Log WARN "Failed to manage CA trust entries: $($_.Exception.Message)" Write-Log WARN "Failed to manage CA trust entries: $($_.Exception.Message)"
} }
# ---------------------------- # ----------------------------
# Compare current vCenter cert # Compare current vCenter cert
# ---------------------------- # ----------------------------
$needPush = $true $needPush = $true
try { try {
$vcCert = Get-VIMachineCertificate -VCenterOnly -ErrorAction Stop $vcCert = Get-VIMachineCertificate -VCenterOnly -ErrorAction Stop
Write-Log INFO ("Current vCenter cert: Subject={0} NotAfter={1}" -f $vcCert.Subject, $vcCert.NotValidAfter) Write-Log INFO ("Current vCenter cert: Subject={0} NotAfter={1}" -f $vcCert.Subject, $vcCert.NotValidAfter)
@@ -231,14 +233,14 @@ try {
Write-Log INFO "vCenter already using this certificate." Write-Log INFO "vCenter already using this certificate."
$needPush = $false $needPush = $false
} }
} catch { } catch {
Write-Log WARN "Unable to read vCenter cert, assuming update required." Write-Log WARN "Unable to read vCenter cert, assuming update required."
} }
# ---------------------------- # ----------------------------
# Apply new certificate # Apply new certificate
# ---------------------------- # ----------------------------
if ($needPush) { if ($needPush) {
Write-Log INFO "Applying new Machine SSL certificate..." Write-Log INFO "Applying new Machine SSL certificate..."
@@ -285,8 +287,9 @@ if ($needPush) {
Show-Failure $_ Show-Failure $_
} }
} else { } else {
Write-Log INFO "No certificate update needed. Skipping vpxd restart + Veeam rescan." Write-Log INFO "No certificate update needed. Skipping vpxd restart + Veeam rescan."
}
} }
# ---------------------------- # ----------------------------
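Review bot: The `if ($needNewCert) {` gate added in the second hunk (L21) also encloses the "Compare current vCenter cert" step and the push, so a vCenter whose Machine SSL certificate no longer matches the on-disk `$paCert` (an earlier push that failed after issuance, or an appliance restored from backup) is now left unremediated until the renewal window opens, whereas before this change the comparison ran on every execution. Consider keeping the compare/apply block outside the gate and deriving `$needPush` from the comparison alone, or at minimum emitting a `Write-Log WARN` when the comparison is skipped so drift is visible in the log. Separately, the "No existing cert found" branch at L17 continues outside the first hunk; if it does not set `$needNewCert = $true`, the variable stays unset and `if ($needNewCert)` evaluates false, silently skipping trust-store maintenance and the certificate push on exactly the first run, so a default of `$needNewCert = $true` before `if ($paCert) {` would be the safer shape. The script body these hunks belong to starts and ends outside the diff.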