Upload custom SSL certificate to ESXi

Version 4

    This document describes the Powershell script to upload a custom SSL certificate file and private key to ESXi using the HTTPS PUT command.


    When the ESXi host is installed you can use HTTPS PUT to upload the SSL certificate and private key to the ESXi host using the following to URLs :



    The script provide below uploads the custom SSL certificate and private key using Powershell to the URL above.


    The script has a couple of variables to take into account :




    -strESXi <hostname>


    This argument needs to be provided. It has to be the hostname of the ESXi host you want the SSL certificate and private key to be replaced.


    [In scripts variables]


    The following variables can be changed by opening the script and changing the values under Input Parameters.


    $strUser = "root"


    This is the account that is used to upload the SSL certificate and private key to the ESXi host. If you replace root you need to provide an account on the ESXi host that has at least the privilege Host.Config.AdvancedConfig to upload the SSL certificate and private key.


    $strSSLdir = "c:\temp\certificates"

    This variable tells the script where the SSL certificates and private keys of the ESXi hosts are stored. The SSL certificate and private key for an ESXi host need to be named <hostname>.crt (SSL certificate) and <hostname>.key (private key)


    [First time usage]


    The first time you execute the script, it will ask for the password for the "root" account (or the account that you provide for $strUser). The password will be stored, as a secure string,  in the <username>-credentials file. This file is located in the directory where the script is located. This wil prevent the script from asking the password each time you execute the script. If the password changes, delete the file and the script will ask for the new password.


    [Usage example]


    UploadCert2ESXi.ps1 -strESXi esx01


    [Additional info]


    If you get the following error during execution :

    Exception calling "UploadFile" with "3" argument(s): "The operation has timed out"
    At :line:206 char:25
    +       $objWebClient.UploadFile <<<< (($strESXiURL + "/host/ssl_key"),"PUT",$strHostCertFile)


    please edit this in the PS script : webRequest.Timeout = 10000;

    increase the value of 10000 until your files are uploaded to the ESXi host.


    Author : Martijn Baecke (dotNL)

    Website : http://thinkcloud.nl

    Email : baecke at gmail dot com