Fix vCenter certificate section showing VMCA template defaults (#88)

Replace vpxd.certmgmt.certs.cn.* advanced settings reads with a direct
TLS connection to port 443, returning the actual deployed certificate.

Use SslStream with an explicit-parameter RemoteCertificateValidationCallback
for reliable PS 5.1 and 7.x compatibility. Certificate status (VALID /
EXPIRING_SOON / EXPIRING / EXPIRED) is computed from NotAfter vs the
existing soft/hard threshold advanced settings.

Fields removed: Country, Email, Locality, State, Organization,
OrganizationUnit, Validity (VMCA template settings — not the live cert).
Fields added: Subject, Issuer, ValidFrom, ValidTo, Thumbprint, CertStatus.

All five locale files (en-US, en-GB, es-ES, fr-FR, de-DE) updated.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Author: tpcarman

AsBuiltReport.VMware.vSphere/Language/de-DE/VMwarevSphere.psd1

@@ -62,13 +62,13 @@ GetAbrVSpherevCenter = ConvertFrom-StringData @'
     Available              = Verfügbar
     Expiration             = Ablauf
     Certificate            = Zertifikat
-    Country                = Land
-    Email                  = E-Mail
-    Locality               = Ort
-    State                  = Bundesland
-    Organization           = Organisation
-    OrganizationUnit       = Organisationseinheit
-    Validity               = Gültigkeit
+    Subject                = Betreff
+    Issuer                 = Aussteller
+    ValidFrom              = Gültig ab
+    ValidTo                = Gültig bis
+    Thumbprint             = Fingerabdruck
+    CertStatus             = Status
+    InsufficientPrivCertificate = Das vCenter Server-Zertifikat konnte nicht abgerufen werden. {0}
     Mode                   = Modus
     SoftThreshold          = Weicher Schwellenwert
     HardThreshold          = Harter Schwellenwert

AsBuiltReport.VMware.vSphere/Language/en-GB/VMwarevSphere.psd1

@@ -62,13 +62,13 @@ GetAbrVSpherevCenter = ConvertFrom-StringData @'
     Available              = Available
     Expiration             = Expiration
     Certificate            = Certificate
-    Country                = Country
-    Email                  = Email
-    Locality               = Locality
-    State                  = State
-    Organization           = Organization
-    OrganizationUnit       = Organization Unit
-    Validity               = Validity
+    Subject                = Subject
+    Issuer                 = Issuer
+    ValidFrom              = Valid From
+    ValidTo                = Valid To
+    Thumbprint             = Thumbprint
+    CertStatus             = Status
+    InsufficientPrivCertificate = Unable to retrieve vCenter Server certificate. {0}
     Mode                   = Mode
     SoftThreshold          = Soft Threshold
     HardThreshold          = Hard Threshold

AsBuiltReport.VMware.vSphere/Language/en-US/VMwarevSphere.psd1

@@ -62,13 +62,13 @@ GetAbrVSpherevCenter = ConvertFrom-StringData @'
     Available              = Available
     Expiration             = Expiration
     Certificate            = Certificate
-    Country                = Country
-    Email                  = Email
-    Locality               = Locality
-    State                  = State
-    Organization           = Organization
-    OrganizationUnit       = Organization Unit
-    Validity               = Validity
+    Subject                = Subject
+    Issuer                 = Issuer
+    ValidFrom              = Valid From
+    ValidTo                = Valid To
+    Thumbprint             = Thumbprint
+    CertStatus             = Status
+    InsufficientPrivCertificate = Unable to retrieve vCenter Server certificate. {0}
     Mode                   = Mode
     SoftThreshold          = Soft Threshold
     HardThreshold          = Hard Threshold

AsBuiltReport.VMware.vSphere/Language/es-ES/VMwarevSphere.psd1

@@ -62,13 +62,13 @@ GetAbrVSpherevCenter = ConvertFrom-StringData @'
     Available              = Disponible
     Expiration             = Vencimiento
     Certificate            = Certificado
-    Country                = País
-    Email                  = Correo electrónico
-    Locality               = Localidad
-    State                  = Estado
-    Organization           = Organización
-    OrganizationUnit       = Unidad organizativa
-    Validity               = Validez
+    Subject                = Asunto
+    Issuer                 = Emisor
+    ValidFrom              = Válido desde
+    ValidTo                = Válido hasta
+    Thumbprint             = Huella digital
+    CertStatus             = Estado
+    InsufficientPrivCertificate = No se puede recuperar el certificado del servidor vCenter. {0}
     Mode                   = Modo
     SoftThreshold          = Umbral suave
     HardThreshold          = Umbral estricto

AsBuiltReport.VMware.vSphere/Language/fr-FR/VMwarevSphere.psd1

@@ -62,13 +62,13 @@ GetAbrVSpherevCenter = ConvertFrom-StringData @'
     Available              = Disponible
     Expiration             = Expiration
     Certificate            = Certificat
-    Country                = Pays
-    Email                  = E-mail
-    Locality               = Localité
-    State                  = État
-    Organization           = Organisation
-    OrganizationUnit       = Unité organisationnelle
-    Validity               = Validité
+    Subject                = Sujet
+    Issuer                 = Émetteur
+    ValidFrom              = Valide à partir de
+    ValidTo                = Valide jusqu'au
+    Thumbprint             = Empreinte numérique
+    CertStatus             = Statut
+    InsufficientPrivCertificate = Impossible de récupérer le certificat du serveur vCenter. {0}
     Mode                   = Mode
     SoftThreshold          = Seuil souple
     HardThreshold          = Seuil strict

AsBuiltReport.VMware.vSphere/Src/Private/Get-AbrVSpherevCenter.ps1

@@ -199,29 +199,55 @@ function Get-AbrVSpherevCenter {
                         #region vCenter Server Certificate
                         if ($vCenter.Version -ge 6) {
                             Section -Style Heading3 $LocalizedData.Certificate {
-                                $VcenterCertMgmt = [PSCustomObject]@{
-                                    $LocalizedData.Country = ($vCenterAdvSettings | Where-Object { $_.name -eq 'vpxd.certmgmt.certs.cn.country' }).Value
-                                    $LocalizedData.Email = ($vCenterAdvSettings | Where-Object { $_.name -eq 'vpxd.certmgmt.certs.cn.email' }).Value
-                                    $LocalizedData.Locality = ($vCenterAdvSettings | Where-Object { $_.name -eq 'vpxd.certmgmt.certs.cn.localityName' }).Value
-                                    $LocalizedData.State = ($vCenterAdvSettings | Where-Object { $_.name -eq 'vpxd.certmgmt.certs.cn.state' }).Value
-                                    $LocalizedData.Organization = ($vCenterAdvSettings | Where-Object { $_.name -eq 'vpxd.certmgmt.certs.cn.organizationName' }).Value
-                                    $LocalizedData.OrganizationUnit = ($vCenterAdvSettings | Where-Object { $_.name -eq 'vpxd.certmgmt.certs.cn.organizationalUnitName' }).Value
-                                    $LocalizedData.Validity = "$(($vCenterAdvSettings | Where-Object {$_.name -eq 'vpxd.certmgmt.certs.daysValid'}).Value / 365) years"
-                                    $LocalizedData.Mode = ($vCenterAdvSettings | Where-Object { $_.name -eq 'vpxd.certmgmt.mode' }).Value
-                                    $LocalizedData.SoftThreshold = "$(($vCenterAdvSettings | Where-Object {$_.name -eq 'vpxd.certmgmt.certs.softThreshold'}).Value) days"
-                                    $LocalizedData.HardThreshold = "$(($vCenterAdvSettings | Where-Object {$_.name -eq 'vpxd.certmgmt.certs.hardThreshold'}).Value) days"
-                                    $LocalizedData.MinutesBefore = ($vCenterAdvSettings | Where-Object { $_.name -eq 'vpxd.certmgmt.certs.minutesBefore' }).Value
-                                    $LocalizedData.PollInterval = "$(($vCenterAdvSettings | Where-Object {$_.name -eq 'vpxd.certmgmt.certs.pollIntervalDays'}).Value) days"
-                                }
-                                $TableParams = @{
-                                    Name = ($LocalizedData.TableCertificate -f $vCenterServerName)
-                                    List = $true
-                                    ColumnWidths = 40, 60
-                                }
-                                if ($Report.ShowTableCaptions) {
-                                    $TableParams['Caption'] = "- $($TableParams.Name)"
+                                try {
+                                    $SslCallback = [System.Net.Security.RemoteCertificateValidationCallback]{
+                                        param($sender, $cert, $chain, $errors) $true
+                                    }
+                                    $TcpClient = New-Object -TypeName System.Net.Sockets.TcpClient -ArgumentList ($vCenterServerName, 443)
+                                    $SslStream = New-Object -TypeName System.Net.Security.SslStream -ArgumentList (
+                                        $TcpClient.GetStream(), $false, $SslCallback
+                                    )
+                                    $SslStream.AuthenticateAsClient($vCenterServerName)
+                                    $VIMachineCert = [System.Security.Cryptography.X509Certificates.X509Certificate2]$SslStream.RemoteCertificate
+                                    $SslStream.Dispose()
+                                    $TcpClient.Dispose()
+                                    $SoftThresholdDays = ($vCenterAdvSettings | Where-Object { $_.name -eq 'vpxd.certmgmt.certs.softThreshold' }).Value
+                                    $HardThresholdDays = ($vCenterAdvSettings | Where-Object { $_.name -eq 'vpxd.certmgmt.certs.hardThreshold' }).Value
+                                    $DaysRemaining = ($VIMachineCert.NotAfter - (Get-Date)).Days
+                                    $CertificateStatus = if ($DaysRemaining -le 0) {
+                                        'EXPIRED'
+                                    } elseif ($null -ne $HardThresholdDays -and $DaysRemaining -le [int]$HardThresholdDays) {
+                                        'EXPIRING'
+                                    } elseif ($null -ne $SoftThresholdDays -and $DaysRemaining -le [int]$SoftThresholdDays) {
+                                        'EXPIRING_SOON'
+                                    } else {
+                                        'VALID'
+                                    }
+                                    $VcenterCertMgmt = [PSCustomObject]@{
+                                        $LocalizedData.Subject       = $VIMachineCert.Subject
+                                        $LocalizedData.Issuer        = $VIMachineCert.Issuer
+                                        $LocalizedData.ValidFrom     = $VIMachineCert.NotBefore
+                                        $LocalizedData.ValidTo       = $VIMachineCert.NotAfter
+                                        $LocalizedData.Thumbprint    = $VIMachineCert.Thumbprint
+                                        $LocalizedData.CertStatus    = $CertificateStatus
+                                        $LocalizedData.Mode          = ($vCenterAdvSettings | Where-Object { $_.name -eq 'vpxd.certmgmt.mode' }).Value
+                                        $LocalizedData.SoftThreshold = "$(($vCenterAdvSettings | Where-Object { $_.name -eq 'vpxd.certmgmt.certs.softThreshold' }).Value) days"
+                                        $LocalizedData.HardThreshold = "$(($vCenterAdvSettings | Where-Object { $_.name -eq 'vpxd.certmgmt.certs.hardThreshold' }).Value) days"
+                                        $LocalizedData.MinutesBefore = ($vCenterAdvSettings | Where-Object { $_.name -eq 'vpxd.certmgmt.certs.minutesBefore' }).Value
+                                        $LocalizedData.PollInterval  = "$(($vCenterAdvSettings | Where-Object { $_.name -eq 'vpxd.certmgmt.certs.pollIntervalDays' }).Value) days"
+                                    }
+                                    $TableParams = @{
+                                        Name         = ($LocalizedData.TableCertificate -f $vCenterServerName)
+                                        List         = $true
+                                        ColumnWidths = 40, 60
+                                    }
+                                    if ($Report.ShowTableCaptions) {
+                                        $TableParams['Caption'] = "- $($TableParams.Name)"
+                                    }
+                                    $VcenterCertMgmt | Table @TableParams
+                                } catch {
+                                    Write-PScriboMessage -IsWarning ($LocalizedData.InsufficientPrivCertificate -f $_.Exception.Message)
                                 }
-                                $VcenterCertMgmt | Table @TableParams
                             }
                         }
                         #endregion vCenter Server Certificate

CHANGELOG.md

@@ -11,6 +11,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Fixed
 
+- Fix vCenter Server Certificate section reporting VMCA template defaults instead of the actual deployed TLS certificate; now reads the live certificate directly from port 443 ([#88](https://github.com/AsBuiltReport/AsBuiltReport.VMware.vSphere/issues/88))
 - Fix null disk group crash in OSA vSAN clusters where disk groups have not yet been claimed ([#113](https://github.com/AsBuiltReport/AsBuiltReport.VMware.vSphere/issues/113))
 - Fix `An item with the same key has already been added. Key: LinkedView` error when generating TEXT format reports ([#130](https://github.com/AsBuiltReport/AsBuiltReport.VMware.vSphere/issues/130))
 - Fix "Index operation failed; the array index evaluated to null" crash and `Global.Licenses` privilege errors when querying ESXi host/vCenter licensing on vCenter 8.0.2 ([#123](https://github.com/AsBuiltReport/AsBuiltReport.VMware.vSphere/issues/123))