Public/Update-AnyStackVcsCertificate.ps1

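function Update-AnyStackVcsCertificate {
    <#
    .SYNOPSIS
        Renews or replaces the vCenter Server (VCSA) machine certificate.
    .DESCRIPTION
        Round 3: VCF.CertificateManager. Targets the VCSA Certificate Management API.
        Intended to replace the Machine SSL certificate using VMCA. Requires confirmation
        (ConfirmImpact is High).

        The REST request itself is not implemented in this function yet. After confirmation
        the function builds the target URI and emits a warning that nothing was sent. It
        deliberately does not print a success message, so an operator is not led to believe
        that an expiring certificate has been renewed.
    .PARAMETER Server
        Object whose Name property holds the vCenter host name or IP address. The name is
        validated as a host name before it is placed in the request URI.
    .EXAMPLE
        Update-AnyStackVcsCertificate -Server $vc -WhatIf
    #>

    [CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact='High')]
    param(
        [Parameter(Mandatory=$true)] $Server
    )
    process {
        $ErrorActionPreference = 'Stop'

        # The name becomes the authority part of an HTTPS URI that an authenticated request
        # is meant to go to. Reject empty values and anything that is not a plain host name
        # or IP address, so characters such as '/', '@' or whitespace cannot redirect the call.
        $targetHost = [string]$Server.Name
        if ([System.Uri]::CheckHostName($targetHost) -eq [System.UriHostNameType]::Unknown) {
            throw [System.ArgumentException]::new("Server.Name '$targetHost' is not a valid host name or IP address.", 'Server')
        }

        Write-Warning "VCSA Certificate Replacement will restart vCenter services. This will interrupt all active sessions."
        if ($PSCmdlet.ShouldProcess($targetHost, "REPLACE Machine SSL Certificate (VCSA)")) {
            try {
                # In vSphere 8.0, we use the REST API for certificate operations.
                # NOTE(review): the original comment names Invoke-VCSAWebRequest as a PowerCLI 13.x
                # helper and gives the path below as an example; neither is confirmed here.
                # Verify both against the vSphere Automation API reference for the target release.
                $baseUri = "https://$targetHost/api/vcenter/certificate-management/vcenter/machine-ssl/renew"

                Write-Host "[CERT-MGMT] Initiating VCSA Machine SSL Renewal..." -ForegroundColor Magenta

                # TODO: send the authenticated request here. Keep TLS certificate validation on
                # (no -SkipCertificateCheck): the session credential is sent to this host.
                # $response = Invoke-RestMethod -Uri $baseUri ...

                # Report honestly: no request has been sent, so nothing was renewed.
                Write-Warning "[NOT SENT] Renewal request to $baseUri is not implemented in this function; the Machine SSL certificate was NOT changed."
            }
            catch {
                Write-Error "Failed to renew VCSA certificate: $($_.Exception.Message)"
            }
        }
    }
}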