How to list all certificates

Moin,

I have to check (all automatically) which certificate will expire soon and then generate it again. But how do I get a list of the certificates including the “notAfter” information? In the documentation (https://www.vaultproject.io/api-docs/secret/pki#list-certificates) I found

```
curl \
    --header "X-Vault-Token: ..." \
    --request LIST \
    http://127.0.0.1:8200/v1/pki/certs
```

but I do not understand the output. There are no names or so.

Any hint? Thanks!


So far as I know, you only get the serial numbers and then have to do a read on each certificate record (and then read the cert itself) to get that info.

I think the intimation is that you shouldn’t be reacting to extended expiration windows and should be set up to expire everything quickly and tidy regularly.

I agree though, it’d be nice to get some metadata for when things aren’t behaving.

Trying to troubleshoot an explosion of certs and there’s not a great way of sifting through everything that’s there.
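
The approach from the reply above (list the serials, read each certificate record, then parse the certificate for its expiry), written out as an added example that is not part of the thread and not HashiCorp's code. It assumes the mount is `pki`, takes `VAULT_ADDR` and `VAULT_TOKEN` from the environment, uses an arbitrary 30-day window, and walks the DER by hand so that only the Python standard library is needed.

```python
import base64, json, os, urllib.request
from datetime import datetime, timedelta, timezone

def _tlv(buf, pos):
    """Read one DER element at pos; return (tag, content_start, content_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def not_after(pem):
    """Return the notAfter time (UTC) of a PEM certificate, stdlib only."""
    body = "".join(l for l in pem.strip().splitlines() if "-----" not in l)
    der = base64.b64decode(body)
    _, pos, _ = _tlv(der, 0)                # Certificate SEQUENCE
    _, pos, _ = _tlv(der, pos)              # tbsCertificate SEQUENCE
    tag, _, end = _tlv(der, pos)
    if tag == 0xA0:                         # optional [0] version field
        pos = end
    for _field in ("serialNumber", "signature", "issuer"):
        _, _, pos = _tlv(der, pos)          # skip each of these fields
    _, pos, _ = _tlv(der, pos)              # validity SEQUENCE
    _, _, pos = _tlv(der, pos)              # skip notBefore
    tag, start, end = _tlv(der, pos)        # notAfter
    text = der[start:end].decode("ascii")
    if tag == 0x17:                         # UTCTime: 2-digit year (RFC 5280: >=50 is 19xx)
        text = ("19" if text[:2] >= "50" else "20") + text
    return datetime.strptime(text, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def vault_client(addr, token):
    """Return fetch(method, path) that calls Vault and returns the 'data' object."""
    def fetch(method, path):
        req = urllib.request.Request(f"{addr}/v1/{path}", method=method,
                                     headers={"X-Vault-Token": token})
        with urllib.request.urlopen(req) as resp:
            return json.load(resp)["data"]
    return fetch

def expiring(fetch, within_days, mount="pki", now=None):
    """List (serial, notAfter) for unexpired certs that expire within the window."""
    now = now or datetime.now(timezone.utc)
    found = []
    for serial in fetch("LIST", f"{mount}/certs")["keys"]:
        when = not_after(fetch("GET", f"{mount}/cert/{serial}")["certificate"])
        if now < when <= now + timedelta(days=within_days):
            found.append((serial, when))
    return sorted(found, key=lambda item: item[1])

if __name__ == "__main__":                  # VAULT_ADDR / VAULT_TOKEN from the environment
    client = vault_client(os.environ["VAULT_ADDR"], os.environ["VAULT_TOKEN"])
    for serial, when in expiring(client, within_days=30):
        print(serial, when.isoformat())
```

The listing is keyed by serial only, so a certificate that has already been reissued still appears under its old serial until it expires and is tidied.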