Moin,
I have to check (all automatically) which certificates will expire soon and then generate them again. But how do I get a list of the certificates including the “notAfter” information? In the documentation (https://www.vaultproject.io/api-docs/secret/pki#list-certificates) I found
curl \
    --header "X-Vault-Token: …" \
    --request LIST \
    http://127.0.0.1:8200/v1/pki/certs
but I do not understand the output. There are no names or so.
Any hint? Thanks!
So far as I know, you only get the serial numbers and then have to do a read on each certificate record (and then read the cert itself) to get that info.
I think the intimation is that you shouldn’t be reacting to extended expiration windows and should be set up to expire everything quickly and tidy regularly.
I agree though, it’d be nice to get some metadata for when things aren’t behaving.
Trying to troubleshoot an explosion of certs and there’s not a great way of sifting through everything that’s there.