VMware vSphere ESXi 8.0 Certificate Replacement via SSH
=
Today, I had an interesting one. This was a new install of VMware vSphere ESXi 8.0, or at least one within a few days, and lo and behold, it has an expired certificate!? This is a technical write-up, with the steps I performed to fix it in my own lab.
When I logged into the host I saw the following.
That isn't good, let's go fix it.
Step 1. Google.
I found this write-up by Jesus Vigo in Security:
“By default, VMware host servers, like ESXi hosts typically generate new certificates when the hypervisor is installed on bare-metal hardware. Through the process of configuring the host and allocating resources, it is common for the server configuration to undergo many settings changes as you harden your device.
However, while the process to join the server to AD may be straightforward, it can and certainly will consistently fail if the SSL certificates used by the VMware host are expired, invalid, or otherwise corrupted.”
Ok, let's get to it!
First, let's enable SSH. Go to Manage, Services.
Select TSM-SSH, name SSH, and click Start.
Next, let's log in via SSH. I used PuTTY.
Let's move to the directory that has the SSL keys to back up the keys, per the above write-up.
cd /etc/vmware/ssl
Then run the following.
mv rui.crt rui.crt.bak
mv rui.key rui.key.bak
But I got the following error.
So we are going to move on.
Next type /sbin/generate-certificates
Then /etc/init.d/hostd restart
Looks like that worked, let's see!
Log back into the VMware Host via the web interface.
Ta da!
Make sure to disable SSH, or reboot to do so.
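The same sequence as a script that checks the certificate's expiry first and copies the key pair before regenerating, as an added example that is not part of the original post. It assumes openssl is available in the shell; the function names, the 30-day window and the timestamped backup names are illustrative.

```shell
#!/bin/sh
# Added example, not the post's own code. Assumes openssl is on PATH; the
# function names, 30-day default and backup naming are illustrative.
SSL_DIR="${SSL_DIR:-/etc/vmware/ssl}"   # directory used in the write-up

# 0 = expires within $2 seconds (0 means already expired),
# 1 = valid beyond that window, 2 = file missing or not a parsable certificate.
cert_expires_within() {
    openssl x509 -in "$1" -noout >/dev/null 2>&1 || return 2
    if openssl x509 -in "$1" -noout -checkend "$2" >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

# Copy (not move) rui.crt and rui.key to timestamped .bak files so the
# originals stay in place. Prints the timestamp used.
backup_cert_pair() {
    dir="$1"
    stamp="$(date +%Y%m%d%H%M%S)"
    for f in rui.crt rui.key; do
        [ -f "$dir/$f" ] || { echo "missing $dir/$f" >&2; return 1; }
    done
    cp -p "$dir/rui.crt" "$dir/rui.crt.$stamp.bak" || return 1
    cp -p "$dir/rui.key" "$dir/rui.key.$stamp.bak" || return 1   # -p keeps key mode
    echo "$stamp"
}

# Regenerate only when the certificate is expired or inside the window.
renew_host_cert() {
    window="${1:-2592000}"   # 30 days in seconds
    rc=0
    cert_expires_within "$SSL_DIR/rui.crt" "$window" || rc=$?
    if [ "$rc" -eq 1 ]; then
        echo "certificate is valid beyond the window; nothing to do"
        return 0
    fi
    [ "$rc" -eq 2 ] && echo "cannot parse $SSL_DIR/rui.crt" >&2
    backup_cert_pair "$SSL_DIR" >/dev/null || return 1
    /sbin/generate-certificates || return 1      # command from the write-up
    /etc/init.d/hostd restart || return 1        # command from the write-up
    openssl x509 -in "$SSL_DIR/rui.crt" -noout -subject -enddate
}

# Nothing is changed unless the script is called with --apply.
if [ "${1:-}" = "--apply" ]; then
    renew_host_cert "${2:-2592000}"
fi
```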
Thanks for reading
M.S., CISSP, Director of IT at Scanlan International, Inc., Sci-fi/Fantasy Author
2 years ago
Nice write up Roger.