VMware Cloud Community
jeffgetz
Enthusiast
Enthusiast

ESXi 4.1 SSL Certificates

Hey All,

I need to install new 3rd Party SSL certificates on three ESXi 4.1 hosts. I've scoured these boards and the internet in general and I'm confused about the process. Every post I've seen says to use openssl on a windows server. ESXi obviously is Linux based though. There appears to be a base OpenSSL install within ESXi, and it will let me create a new key, but when I try to run the 'openssl req -new -key rui.key > rui.csr' command it fails with an error about not being able to load an openssl config file.

The procedures that I see online say to create the cert on the windows vm, presumably the vCenter server, and then push it to the host. Do you create a single csr and then push the resultant cert to each host? Am I missing something? My assumption is that individual csr's need to be created on each host. Is that not correct?

Thanks,

Jeff

Reply
0 Kudos
3 Replies
kjb007
Immortal
Immortal

Most guides out there reference SSL cert changes for vCenter, and not ESXi itself.  Since you're filling out the form with the req command, it doesn't really matter where you run it, since you ultimately end up with the cert and the key in the end, which you can move around to where you need them.

-KjB

vExpert/VCP/VCAP vmwise.com / @vmwise -KjB
Reply
0 Kudos
jeffgetz
Enthusiast
Enthusiast

Thanks Kanuj,

So, I just need to create the csr on the vcenter server and then push out that single cert to each host. Correct?

Jeff

Reply
0 Kudos
kjb007
Immortal
Immortal

Follow the same directions to generate the new rui.crt and rui.key files and distribtue them to your hosts.  You will probably also have to restart the host agents, and reconnect the servers to vCenter.

-KjB

vExpert/VCP/VCAP vmwise.com / @vmwise -KjB
Reply
0 Kudos