ras_infra_get_certificates
List and audit SSL/TLS certificates in a Parallels RAS farm to check expiration dates, verify assignments, and monitor certificate inventory.
Instructions
List the certificate inventory for the RAS farm, including certificate names, expiration dates, issuers, and usage. Use this to audit SSL/TLS certificates, check for upcoming expirations, or verify certificate assignments.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| No arguments | | | |
Implementation Reference
- src/tools/infrastructure.ts:131-150 (registration): Tool registration and handler implementation for ras_infra_get_certificates. This read-only tool fetches certificate inventory from the RAS API endpoint /api/infrastructure/certificates and returns the data as formatted JSON.

  ```typescript
  server.registerTool(
    "ras_infra_get_certificates",
    {
      title: "Certificates",
      description:
        "List the certificate inventory for the RAS farm, including certificate names, " +
        "expiration dates, issuers, and usage. Use this to audit SSL/TLS certificates, " +
        "check for upcoming expirations, or verify certificate assignments.",
      annotations: READ_ONLY_ANNOTATIONS,
      inputSchema: {},
    },
    async () => {
      try {
        const data = await rasClient.get("/api/infrastructure/certificates");
        return { content: [{ type: "text" as const, text: JSON.stringify(data, null, 2) }] };
      } catch (err) {
        return { content: [{ type: "text" as const, text: sanitiseError(err, "Failed to retrieve certificates") }], isError: true };
      }
    }
  );
  ```
- src/tools/infrastructure.ts:142-149 (handler): The actual handler function that executes the tool logic. It makes an authenticated GET request to /api/infrastructure/certificates, formats the response as JSON, and handles errors with sanitization.

  ```typescript
  async () => {
    try {
      const data = await rasClient.get("/api/infrastructure/certificates");
      return { content: [{ type: "text" as const, text: JSON.stringify(data, null, 2) }] };
    } catch (err) {
      return { content: [{ type: "text" as const, text: sanitiseError(err, "Failed to retrieve certificates") }], isError: true };
    }
  }
  ```
- src/client.ts:128-166 (helper): The rasClient.get method that performs authenticated API requests to the RAS backend. It handles login, auth token management, retries on 401 errors, and request timeouts.

  ```typescript
  async get(path: string): Promise<unknown> {
    // Ensure we have a valid session
    if (!this.authToken) {
      await this.login();
    }

    const fetchOptions = {
      method: "GET" as const,
      headers: {
        ...this.headers,
        auth_token: this.authToken!,
      },
      signal: AbortSignal.timeout(REQUEST_TIMEOUT_MS),
    };

    let response = await fetch(`${this.baseUrl}${path}`, fetchOptions);

    // Token may have expired — re-authenticate once and retry
    if (response.status === 401) {
      await this.login();
      response = await fetch(`${this.baseUrl}${path}`, {
        ...fetchOptions,
        headers: {
          ...this.headers,
          auth_token: this.authToken!,
        },
        signal: AbortSignal.timeout(REQUEST_TIMEOUT_MS),
      });
    }

    if (!response.ok) {
      const body = await response.text();
      throw new Error(
        `RAS API error (HTTP ${response.status}) on ${path}: ${body.substring(0, 300)}`
      );
    }

    return response.json();
  }
  ```
- src/client.ts:43-54 (helper): The sanitiseError utility function that removes sensitive information (auth tokens, passwords) from error messages and truncates excessively long responses to prevent information leakage.

  ```typescript
  function sanitiseError(err: unknown, context: string): string {
    const raw = err instanceof Error ? err.message : String(err);
    // Remove anything that looks like a token or password value
    let sanitised = raw
      .replace(/auth_token[=:]\s*\S+/gi, "auth_token=[REDACTED]")
      .replace(/password[=:]\s*\S+/gi, "password=[REDACTED]");
    // Truncate excessively long API response bodies
    if (sanitised.length > 500) {
      sanitised = sanitised.substring(0, 500) + "... (truncated)";
    }
    return `${context}: ${sanitised}`;
  }
  ```
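
The sanitiseError patterns listed above match `auth_token=` and `auth_token:` but not a JSON-quoted key such as `"auth_token":"..."`, a shape that can reach the error message through the up-to-300-character response body that rasClient.get embeds. The following is an added example, not the project's code: `sanitiseErrorStrict`, `SECRET_PAIR`, `leaks` and the sample messages are hypothetical and constructed for illustration.

```typescript
// sanitiseError as listed on this page, reproduced so the example runs alone.
function sanitiseError(err: unknown, context: string): string {
  const raw = err instanceof Error ? err.message : String(err);
  let sanitised = raw
    .replace(/auth_token[=:]\s*\S+/gi, "auth_token=[REDACTED]")
    .replace(/password[=:]\s*\S+/gi, "password=[REDACTED]");
  if (sanitised.length > 500) {
    sanitised = sanitised.substring(0, 500) + "... (truncated)";
  }
  return `${context}: ${sanitised}`;
}

// Hypothetical stricter variant (an assumption, not project code): the key may
// be wrapped in quotes, and a quoted value is consumed even when truncation
// removed its closing quote.
const SECRET_PAIR =
  /(["']?)(auth_token|password)\1\s*[=:]\s*(?:"[^"]*"?|'[^']*'?|[^\s,}&"']+)/gi;

function sanitiseErrorStrict(err: unknown, context: string): string {
  const raw = err instanceof Error ? err.message : String(err);
  let sanitised = raw.replace(
    SECRET_PAIR,
    (_match: string, _quote: string, key: string) => `${key}=[REDACTED]`
  );
  if (sanitised.length > 500) {
    sanitised = sanitised.substring(0, 500) + "... (truncated)";
  }
  return `${context}: ${sanitised}`;
}

// Constructed error messages; the token and password values are made up.
const PREFIX = "RAS API error (HTTP 500) on /api/infrastructure/certificates: ";
const HEADER_STYLE = PREFIX + "auth_token: CONSTRUCTED-TOKEN-123 rejected";
const JSON_STYLE = PREFIX + '{"error":"bad session","auth_token":"CONSTRUCTED-TOKEN-123"}';
const CUT_OFF = PREFIX + '{"password":"CONSTRUCTED-PW';

// True when a constructed secret survives sanitisation.
function leaks(message: string): boolean {
  return /CONSTRUCTED-(TOKEN-123|PW)/.test(message);
}
```

Running both functions over `HEADER_STYLE`, `JSON_STYLE` and `CUT_OFF` and passing each result to `leaks` shows which message shapes each sanitiser covers.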