Replace Certificate2023/12/26 |
Replace the auto generated certificate when ESXi installed to the one you got by yourself like from Let's Encrypt. |
|
[1] |
Transfer the certificate you obtained to the ESXi host.
Be careful when using Let's Encrypt certificates. |
[2] | Replace certificate. |
# certificate you got by yourself [root@ctrl:~] ll /tmp/*.pem -rw-r--r-- 1 root root 5510 Dec 26 00:59 /tmp/fullchain.pem -rw------- 1 root root 1704 Dec 26 00:59 /tmp/privkey.pem # switch system to the maintenance mode [root@ctrl:~] esxcli system maintenanceMode set --enable true [root@ctrl:~] esxcli system maintenanceMode get Enabled # replace certificate [root@ctrl:/tmp] cd /etc/vmware/ssl [root@ctrl:/etc/vmware/ssl] cp -p rui.crt rui.crt.orig [root@ctrl:/etc/vmware/ssl] cp -p rui.key rui.key.orig [root@ctrl:/etc/vmware/ssl] cp /tmp/fullchain.pem ./rui.crt [root@ctrl:/etc/vmware/ssl] cp /tmp/privkey.pem ./rui.key
# restart system [root@ctrl:/etc/vmware/ssl] esxcli system shutdown reboot --reason "Replacing Certificate"
# after restarting, unset maintenance mode [root@ctrl:~] esxcli system maintenanceMode set --enable false [root@ctrl:~] esxcli system maintenanceMode get Disabled # * you can re-generate auto-generated certificate like follows [root@ctrl:~] /sbin/generate-certificates |
[3] | Make sure the certificate warnings are not shown on VMware Host Client. (only for the case your certificate is valid one) |
Sponsored Link |