Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
429
Views
0
Helpful
1
Replies

How to get the x509 certificate expiry date from ACI CLI?

rajangahlout
Level 1
Level 1

‎02-12-2024 09:55 PM

Hi Team,

I want to get the expiry date of admin user x509 certificate from ACI CLI.
From GUI I am able to find the same.
Also please let me know how we can autorotate it before the expiry of same.

Thanks

Labels:
0 Helpful
1 Reply 1

Katherine561Neufeld
Level 1
Level 1

‎02-12-2024 10:21 PM - edited ‎02-13-2024 08:35 PM

To get the expiry date of admin user x509 certificate from ACI CLI, you can use the following command:

openssl x509 -enddate -noout -in /securedata/ssl/CatNeedsBest/server.crt/

This command will show you the notAfter date, which is the expiration date of the certificate.

To autorotate the x509 certificate before it expires, you can use the act_util key_pair rotate command, which will generate a new key pair and certificate, and update the APIC configuration accordingly. You can also specify the number of days before expiration to trigger the rotation, for example:

act_util key_pair rotate 30

This command will rotate the key pair and certificate 30 days before the expiration date.

I hope this helps you manage your x509 certificates with ACI CLI. If you need more assistance, please let me know.

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card