`vim_host_certificate`¶

ESXi host SSL certificate management via CertificateManager.

Hosts have an SSL cert used for management plane (vCenter ↔ ESXi, KMS, SAML). Cert lifecycle: read PEM + expiry, generate CSR, install a signed cert, refresh (re-fetch from KMS / VECS), refresh CA bundle.

saltext.vcf.clients.vim_host_certificate.info(opts, host, profile=None)[source]¶: Return cert metadata: {issuer, subject, not_before, not_after, pem, days_until_expiry}.

saltext.vcf.clients.vim_host_certificate.generate_csr(opts, host, useip=True, profile=None)[source]¶: Generate a CSR for host. Returns the PEM-encoded CSR string.

saltext.vcf.clients.vim_host_certificate.install_cert(opts, host, cert_pem, profile=None)[source]¶: Install a signed certificate PEM on host. Synchronous.

saltext.vcf.clients.vim_host_certificate.refresh_cert(opts, host, profile=None)[source]¶: Re-fetch the certificate from the VECS / KMS store on host.

saltext.vcf.clients.vim_host_certificate.refresh_ca_bundle(opts, host, profile=None)[source]¶: Refresh the trusted CA bundle on host.