Introduction
Expired SSL certificates in a Nutanix cluster can block Prism logins, alerting integrations, and API functionality. This article walks you through a Bash-based monitoring script to track certificate expiry and generate alerts before disruptions occur.
My Personal Repository on GitHub
Diagram: SSL Monitoring Flow
What It Checks
- SSL expiration date from the Prism Element or Central endpoint
- Time remaining in days
- Sends log or alert if under threshold
Bash Script: nutanix_cert_check.sh
#!/usr/bin/env bash
set -euo pipefail
host="ntx-prism.local"
port=9440
warn_days=30
log="/var/log/nutanix_cert_check.log"
expiry_date=$(echo | openssl s_client -connect "${host}:${port}" -servername "$host" 2>/dev/null | openssl x509 -noout -enddate | cut -d= -f2)
expiry_epoch=$(date -d "$expiry_date" +%s)
now_epoch=$(date +%s)
days_left=$(( (expiry_epoch - now_epoch) / 86400 ))
echo "[$(date)] Certificate expires in $days_left days on $expiry_date" >> "$log"
if (( days_left < warn_days )); then
echo "⚠️ Nutanix certificate expires in $days_left days!" | mailx -s "Nutanix SSL Certificate Warning" secops@example.com
fi
Schedule with Cron
0 7 * * * /usr/local/bin/nutanix_cert_check.sh
Runs daily at 7:00 AM and alerts if certificate nears expiry.
Optional Enhancements
- Push to Slack or ServiceNow
- Export metrics to Prometheus using
curlorpushgateway - Combine with renewal script (if using custom CA chain)
Manual Renewal Reference
For manual renewal or CSR submission:
Summary
Using a Bash script to check Nutanix SSL expiration helps ensure secure operations. Combine this check with alerting and renewal practices to prevent expired cert outages across Prism or API workflows.
External Documentation:
Nutanix Metro: Advanced Deployment, Configuration, and Best Practices for Production Environments
Table of Contents 1. Introduction to Nutanix Metro Nutanix Metro, also called Nutanix Metro Availability, is a business continuity and disaster recovery...