How to view cluster certificates expiry on server and agent nodes?
To view the cluster certificates on the server or the agent nodes:
- Log in to the server/agent node.
- This activity requires sudo access, so the user performing the action must be granted root privileges.
- Create a custom file:
  ```bash
  vim certificate.sh
  ```
- Paste the following content:
  ```bash
  #!/bin/bash
  # Pick the TLS directory: server node first, then agent node
  if [[ -d "/var/lib/rancher/rke2/server/tls" ]]; then
      dir="/var/lib/rancher/rke2/server/tls"
  elif [[ -d "/var/lib/rancher/rke2/agent/tls" ]]; then
      dir="/var/lib/rancher/rke2/agent/tls"
  else
      dir="/var/lib/rancher/rke2/agent/"
  fi

  # Loop through each .crt file in the directory
  for file in "$dir"/*.crt; do
      # Skip the literal pattern when no .crt file matches
      [[ -e "$file" ]] || continue
      # Extract the expiry date from the certificate
      expiry=$(openssl x509 -enddate -noout -in "$file" | cut -d= -f 2-)
      # Get the file name without the path
      filename=$(basename "$file")
      # Print the filename and expiry date in a pretty format
      printf "%-30s %s\n" "$filename:" "$expiry"
  done
  ```
- Grant execute permission to the user:
  ```bash
  chmod +x certificate.sh
  ```
- Execute the following:
  ```bash
  ./certificate.sh
  ```
The output should look like the screenshot below, with one line per certificate showing the file name and its expiry date.
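For routine monitoring, a variant of the script can classify each certificate rather than only print its end date. The following is an added example, not part of the original article: the function names `cert_status` and `scan_dir`, the script name `cert-check.sh` and the 30-day default are assumptions, and it relies on `openssl x509 -checkend`.

```bash
#!/bin/bash
# Added example (not from the original article): classify each certificate as
# OK, EXPIRING, EXPIRED or UNREADABLE instead of only printing its end date.
# Function names and the 30-day default are assumptions made for this example.

# cert_status FILE DAYS -> prints one status word for the certificate in FILE.
cert_status() {
    local file="$1" days="$2"
    # Empty, truncated or non-certificate files fail to parse.
    if ! openssl x509 -noout -in "$file" >/dev/null 2>&1; then
        echo "UNREADABLE"
    # -checkend N exits non-zero when notAfter falls within the next N seconds.
    elif ! openssl x509 -checkend 0 -noout -in "$file" >/dev/null 2>&1; then
        echo "EXPIRED"
    elif ! openssl x509 -checkend "$((days * 86400))" -noout -in "$file" >/dev/null 2>&1; then
        echo "EXPIRING"
    else
        echo "OK"
    fi
}

# scan_dir DIR DAYS -> one line per *.crt; returns 1 if any file is not OK,
# so the script can drive a cron job or monitoring check.
# Note: openssl x509 reads only the first certificate in a bundle file.
scan_dir() {
    local dir="$1" days="$2" rc=0 f status expiry
    for f in "$dir"/*.crt; do
        [ -e "$f" ] || continue    # glob matched nothing
        status=$(cert_status "$f" "$days")
        expiry=$(openssl x509 -enddate -noout -in "$f" 2>/dev/null | cut -d= -f 2-)
        printf '%-10s %-30s %s\n' "$status" "$(basename "$f")" "${expiry:-n/a}"
        [ "$status" = "OK" ] || rc=1
    done
    return "$rc"
}

# Usage: sudo ./cert-check.sh /var/lib/rancher/rke2/server/tls 30
if [ "$#" -ge 1 ]; then
    scan_dir "$1" "${2:-30}"
fi
```

A non-zero exit status means at least one `.crt` file in the directory is expired, expiring within the threshold, or could not be parsed.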