Update vCenter-SSL.ps1
@@ -130,6 +130,7 @@ if ($paCert) {
|
||||
$needNewCert = $true
|
||||
} else {
|
||||
Write-Log INFO "Skipping issuance — certificate valid >$RenewalWindow days."
|
||||
$needNewCert = $false
|
||||
}
|
||||
} else {
|
||||
Write-Log WARN "No existing cert found — issuance required."
|
||||
@@ -200,10 +201,11 @@ foreach ($f in @($certPath,$keyPath,$chainPath)) {
|
||||
}
|
||||
}
|
||||
|
||||
# ----------------------------
|
||||
# Add CA chain to trusted store (remove duplicates)
|
||||
# ----------------------------
|
||||
try {
|
||||
if ($needNewCert) {
|
||||
# ----------------------------
|
||||
# Add CA chain to trusted store (remove duplicates)
|
||||
# ----------------------------
|
||||
try {
|
||||
Write-Log INFO "Cleaning old CA trust entries..."
|
||||
$issuer = ($paCert.Issuer)
|
||||
$existingCA = Get-VITrustedCertificate | Where-Object { $_.Subject -eq $issuer }
|
||||
@@ -215,15 +217,15 @@ try {
|
||||
Write-Log INFO "Adding CA chain to vCenter trust store..."
|
||||
Add-VITrustedCertificate -PemCertificateOrChain $pemChain -VCenterOnly -Confirm:$false | Out-Null
|
||||
|
||||
} catch {
|
||||
} catch {
|
||||
Write-Log WARN "Failed to manage CA trust entries: $($_.Exception.Message)"
|
||||
}
|
||||
}
|
||||
|
||||
# ----------------------------
|
||||
# Compare current vCenter cert
|
||||
# ----------------------------
|
||||
$needPush = $true
|
||||
try {
|
||||
# ----------------------------
|
||||
# Compare current vCenter cert
|
||||
# ----------------------------
|
||||
$needPush = $true
|
||||
try {
|
||||
$vcCert = Get-VIMachineCertificate -VCenterOnly -ErrorAction Stop
|
||||
Write-Log INFO ("Current vCenter cert: Subject={0} NotAfter={1}" -f $vcCert.Subject, $vcCert.NotValidAfter)
|
||||
|
||||
@@ -231,14 +233,14 @@ try {
|
||||
Write-Log INFO "vCenter already using this certificate."
|
||||
$needPush = $false
|
||||
}
|
||||
} catch {
|
||||
} catch {
|
||||
Write-Log WARN "Unable to read vCenter cert, assuming update required."
|
||||
}
|
||||
}
|
||||
|
||||
# ----------------------------
|
||||
# Apply new certificate
|
||||
# ----------------------------
|
||||
if ($needPush) {
|
||||
# ----------------------------
|
||||
# Apply new certificate
|
||||
# ----------------------------
|
||||
if ($needPush) {
|
||||
|
||||
Write-Log INFO "Applying new Machine SSL certificate..."
|
||||
|
||||
@@ -285,8 +287,9 @@ if ($needPush) {
|
||||
Show-Failure $_
|
||||
}
|
||||
|
||||
} else {
|
||||
} else {
|
||||
Write-Log INFO "No certificate update needed. Skipping vpxd restart + Veeam rescan."
|
||||
}
|
||||
}
|
||||
|
||||
# ----------------------------
|
||||
|
||||
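Review bot: Wrapping the "Compare current vCenter cert" and "Apply new certificate" sections in `if ($needNewCert) {` means a run where the local certificate is still valid never calls `Get-VIMachineCertificate`. A vCenter that is not serving that certificate (for example after an earlier push failed part-way) would then go undetected until the renewal window opens, and the "No certificate update needed" log line is no longer reached on that path. Consider closing the new block right after the CA-trust `catch { ... }`, so only the trust-store maintenance is gated and the `$needPush` comparison still runs every time. Separately, `$issuer = ($paCert.Issuer)` now runs whenever `$needNewCert` is true, which appears to include the "No existing cert found" branch. Unless `$paCert` is reassigned after issuance in lines outside these hunks, `$issuer` is empty there and the `Where-Object { $_.Subject -eq $issuer }` cleanup matches nothing; a guard such as `if ($issuer) { ... }` with a WARN log would make that explicit.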