Automating CA Self-Signed Certificates for ESXi 5.1 for use with resxtop

Version 1

    This is a shell script that generates CA self-signed SSL Certificates which accepts a file as input that contains the list of FQDN hostnames of your ESXi 5.1 hosts. The script will generate a CA Cert which will then be used to sign & create both the rui.crt and rui.key which can then be uploaded to your ESXi 5.1 hosts, so you can use resxtop which currently validates proper SSL Certificates on ESXi 5.1 host.


    For more details, please take a look at the following blog article:


    Here is are some screenshots on how the script works:


    Script will generate rui.crt and rui.key for each ESXi hostname specified in their own directory


    Once the certificates have been created, you will need to copy them to your ESXi hosts /etc/vmware/ssl directory using SCP or vifs utility which is part of vCLI


    For the changes to go into effect, you must restart the rhttpproxy service on each ESXi 5.1 host


    Now you will need to export both HTTPS_CA_DIR & HTTPS_CA_FILE which must point to the CA Cert that was generated from the script before you can connect to any of your ESXi 5.1 hosts.


    Note: Do not delete or lose the cacert.pem file, else you will need to re-generate new SSL Certificates