How To View RKE Generated Cluster Certificates Expiry On Server And Agent Nodes?

How to view cluster certificates expiry on server and agent nodes?

To view the cluster certificates on the server or the agent nodes:

  1. Log in to the server/agent node.
  2. This activity requires sudo access, so grant root privileges to the user performing the action.
  3. Create a custom file:
  • vim certificate.sh
  4. Paste the content below:

      #!/bin/bash
      # Pick the TLS directory present on this node (server first, then agent)
      if [[ -d "/var/lib/rancher/rke2/server/tls" ]]; then
        dir="/var/lib/rancher/rke2/server/tls"
      elif [[ -d "/var/lib/rancher/rke2/agent/tls" ]]; then
        dir="/var/lib/rancher/rke2/agent/tls"
      else
        dir="/var/lib/rancher/rke2/agent/"
      fi
      # Loop through each .crt file in the directory
      for file in "$dir"/*.crt; do
        # Skip the unexpanded pattern when the directory has no .crt files
        [[ -e "$file" ]] || continue
        # Extract the expiry date from the certificate
        expiry=$(openssl x509 -enddate -noout -in "$file" | cut -d= -f 2-)
        # Get the file name without the path
        filename=$(basename "$file")
        # Print the filename and expiry date in a pretty format
        printf "%-30s %s\n" "$filename:" "$expiry"
      done

  5. Grant execute permission to the user:
  • chmod +x certificate.sh
  6. Execute the following:
  • ./certificate.sh

The output should look like the below screenshot:
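
Going one step beyond listing the dates, the following added example (not part of the original article) classifies each certificate as OK, EXPIRING, EXPIRED or UNREADABLE against a day threshold using `openssl x509 -checkend`, and returns a non-zero exit status so it can drive a cron job or monitoring check. The function names, the 30-day default and the sample certificates are assumptions made for illustration.

```bash
#!/bin/bash
# Added example: report certificates that are expired or expire within DAYS.

# Prints "STATUS  FILE  NOTAFTER" for every .crt file in DIR.
# Returns 0 if every certificate is valid beyond DAYS, 1 if any is expired,
# expiring or unreadable, 2 if DIR contains no .crt files.
check_cert_dir() {
  local dir="$1" days="${2:-30}" file expiry status rc=0 found=0
  local secs=$(( days * 86400 ))
  for file in "$dir"/*.crt; do
    [ -e "$file" ] || continue          # glob matched nothing
    found=1
    expiry=$(openssl x509 -enddate -noout -in "$file" 2>/dev/null | cut -d= -f2-)
    if [ -z "$expiry" ]; then
      status="UNREADABLE"; rc=1         # not a parseable certificate
    elif ! openssl x509 -checkend 0 -noout -in "$file" >/dev/null 2>&1; then
      status="EXPIRED"; rc=1
    elif ! openssl x509 -checkend "$secs" -noout -in "$file" >/dev/null 2>&1; then
      status="EXPIRING"; rc=1
    else
      status="OK"
    fi
    printf '%-10s %-30s %s\n' "$status" "$(basename "$file")" "$expiry"
  done
  if [ "$found" -eq 0 ]; then
    echo "no .crt files in $dir" >&2
    return 2
  fi
  return "$rc"
}

# Constructed sample input: self-signed certificate valid for $3 days,
# written to $1/$2.crt (used only for the offline demonstration below).
make_sample_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days "$3" -subj "/CN=$2" \
    -keyout "$1/$2.key" -out "$1/$2.crt" >/dev/null 2>&1
}

if [ "$#" -gt 0 ]; then
  check_cert_dir "$@"                   # e.g. /var/lib/rancher/rke2/server/tls 30
else
  # No arguments: demonstrate on two constructed certificates.
  tmp=$(mktemp -d)
  make_sample_cert "$tmp" short-lived 5
  make_sample_cert "$tmp" long-lived 365
  check_cert_dir "$tmp" 30 || echo "exit status $? (certificates need attention)"
  rm -rf "$tmp"
fi
```

Pass one of the RKE2 TLS directories from the script above as the first argument and, optionally, the threshold in days as the second.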