
Checking SSL Certificate Validity Period using vRealize Operations Application Monitoring Agents


A Simple Dashboard! example of 3:

In the new versions of Aria Operations, Application Monitoring capabilities have been introduced, including a new Telegraf-based agent.

In this post I will describe how to use the new agent to implement an easy solution that continuously checks the validity of SSL/TLS certificates. The remaining days until expiration are displayed on a simple dashboard in vROps; in that dashboard you can set Yellow, Orange or Red (plus you can alarm/email on the metrics):

You’ll need to deploy the following:

Cloud Proxy OVA from the Broadcom website:

You’ll need a Telegraf agent VM to run the scripts; I used a small Ubuntu server for this:

This is my simple small Ubuntu VM that I’d installed the Telegraf agent on:

that runs the following simple script:

/opt/vmware/getSSLRemainigDays.sh < the script name and location.

That script needs a host name or IP address as the first argument and a port as the second (that’s the ‘Args’ field). It gives back just a single number: the number of days until the certificate expires!

https://github.com/PhilsCode1836/VCF-OPS/blob/main/getSSLRemainigDays.sh

#!/bin/bash

# A simple script to calculate the remaining days until an SSL certificate expires

display_usage() {
  echo "This script must be run with two arguments:"
  echo -e "\nUsage:\n$0 FQDN TCP-Port\n"
}

datediff() {
  date1_epoch=$1
  date2_epoch=$2

  diff_days=$(( (date1_epoch - date2_epoch) / 86400 ))

  if (( diff_days > 0 )); then
    echo "$diff_days"
    exit 0
  else
    echo "0"
    exit 1
  fi
}

if (( $# != 2 )); then
  display_usage
  exit 1
fi

# Get the certificate expiration date
cert_date=$(echo | openssl s_client -servername "$1" -connect "$1:$2" 2>/dev/null | \
  openssl x509 -noout -dates | grep notAfter | cut -d= -f2)

if [[ -z "$cert_date" ]]; then
  echo "Error: Could not retrieve certificate expiration date."
  exit 1
fi

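# Convert the certificate date to epoch seconds (requires GNU date)
cert_date_epoch=$(date -d "$cert_date" "+%s")
# Take the current time directly as epoch seconds; formatting it with
# `date` and re-parsing it with `date -d` is unnecessary
now_date_epoch=$(date "+%s")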

# Calculate difference and print remaining days
datediff "$cert_date_epoch" "$now_date_epoch"
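
The script above prints 0 both for an expired certificate and for one that expires within the next 24 hours, and it writes its error text to stdout. The following is an added example, not the original script from this post or the linked repository, that separates the date arithmetic into a function testable offline, reports negative days once a certificate has expired, and keeps stdout numeric-only. The function names, the 10-second timeout and the exit code 2 are assumptions of this example; it relies on GNU date and coreutils `timeout`.

```bash
#!/bin/bash
# Added example: not the original getSSLRemainigDays.sh.
# Function names, the 10 s timeout and exit code 2 are assumptions.

# days_left "<notAfter string>" [now_epoch]
# Prints whole days until expiry, rounded down (negative once expired).
# Returns 2 if the date is empty or cannot be parsed. Requires GNU date.
days_left() {
  # An empty string would be parsed by `date -d` as "today", so reject it.
  [ -n "$1" ] || return 2
  now=${2:-$(date +%s)}
  expiry=$(date -d "$1" +%s 2>/dev/null) || return 2
  secs=$(( expiry - now ))
  if [ "$secs" -lt 0 ]; then
    # Shell division truncates toward zero; round away from zero instead so
    # a certificate that expired one hour ago reports -1, not 0.
    echo "-$(( (86399 - $secs) / 86400 ))"
  else
    echo $(( secs / 86400 ))
  fi
}

# fetch_not_after HOST PORT
# Prints the notAfter value of the certificate the endpoint serves.
# `timeout` stops a hung endpoint from stalling the agent's collection run.
fetch_not_after() {
  timeout 10 openssl s_client -servername "$1" -connect "$1:$2" \
      </dev/null 2>/dev/null |
    openssl x509 -noout -enddate 2>/dev/null | cut -d= -f2
}

# check_endpoint HOST PORT
# stdout carries one integer or nothing; diagnostics go to stderr.
check_endpoint() {
  not_after=$(fetch_not_after "$1" "$2")
  if ! days_left "$not_after"; then
    echo "cannot read certificate from $1:$2" >&2
    return 2
  fi
}

# Only contact the network when called with HOST and PORT.
if [ "$#" -eq 2 ]; then
  check_endpoint "$1" "$2"
fi
```

With this variant a value of 0 means "valid, but less than a day left" and negative values mean "already expired", so the two conditions can be coloured or alerted on separately.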

Hope this helps; it is a pain to set up but very useful once it’s been configured.

Also, this is useful to know: when you’re making changes to the script, after you’re finished hit the update button here:

It feels like it only sends the changes to the VM when you hit update, or sometimes they error when it just needs your updated changes.

Could see this file get pushed out: /opt/vmware/ucp/telegraf_backup/July_17_2025_15_13/etc/telegraf/telegraf.conf

Running this command was really, really helpful in troubleshooting problems that I had; it ran the Telegraf config with error outputs.

sudo /opt/vmware/ucp/ucp-telegraf/usr/bin/telegraf --config /opt/vmware/ucp/telegraf_backup/July_17_2025_15_13/etc/telegraf/telegraf.conf --test

Thank you to https://thomas-kopton.de/vblog/?p=538; all this information came from his blog, along with this one: https://virtualg.uk/monitoring-ssl-certificate-expiry-with-vrealize-operations/
