Replace Esxi host default certificate with CA-Signed Certificate


A default certificate is generated automatically for the ESXi host during installation. Because the certificate for the ESXi host was self-generated, it has not been signed and will not be given a trusted status when attempting to communicate with other servers and clients. Other network devices might not allow communication with the ESXi host until it is certified by a well-known CA. X.509 certificates are supported over SSL connections for the encrypted session.

NOTE: When replacing the default certificate of the ESXi host, if the vCenter Server stops managing the host, check whether the ESXi host has Verify Certificates enabled. If this is the case, reconnect the ESXi host to the vCenter Server using the vSphere Client.

The steps to add a CA-signed certificate are as follows:

Step 1. Log in to the ESXi host over SSH using Putty.

Step 2. Change the directories to /etc/vmware/ssl, and backup the certificate files:

# mv rui.crt rui.cert.orig

# mv rui.key rui.key.orig

Step 3. Go to the location where the new authenticated certificate rui.crt and key file rui.key are located and copy the certificate files to the directory /etc/vmware/ssl.

Step 4. Either restart the services using

# services.sh restart

or reboot the ESXi host.

About Alex Hunt

Hi All I am Manish Kumar Jha aka Alex Hunt. I am currently working in VMware Software India Pvt Ltd as Operations System Engineer (vCloud Air Operations). I have around 5 Years of IT experience and have exposure on VMware vSphere, vCloud Director, RHEL and modern data center technologies like Cisco UCS and Cisco Nexus 1000v and NSX. If you find any post informational to you please press like and share it across social media and leave your comments if you want to discuss further on any post. Disclaimer: All the information on this website is published in good faith and for general information purpose only. I don’t make any warranties about the completeness, reliability and accuracy of this information. Any action you take upon the information you find on this blog is strictly at your own risk. The Views and opinions published on this blog are my own and not the opinions of my employer or any of the vendors of the product discussed.
This entry was posted in Vmware. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s