VMware Cloud Community
pratap533
Contributor

Regenerating server certificate on ESXi 4.1

I have installed ESXi 4.1 on VMware Workstation. I would like to regenerate the certificate, as my professor asked me to attempt to change the server certificate with some modification to the certificate.

http://www.vmware.com/pdf/vsphere4/r41/vsp_41_esxi_server_config.pdf

1 Put the host into Maintenance Mode.
2 Use the vifs command to put a copy of the certificate and key files on the ESXi host.
The form this command takes for the certificate and key respectively is:
vifs --server <hostname> --username <username> --put rui.crt /host/ssl_cert
vifs --server <hostname> --username <username> --put rui.key /host/ssl_key
3 Use the Restart Management Agents operation through the direct console to have the settings take effect.
4 Exit Maintenance Mode.

I am not getting how to work with the vifs command. Actually I tried Google, but I am not getting where to use this command.

2nd procedure

1 Put the host into Maintenance Mode.
2 In your upload application, open the file.
3 Publish the file to one of these locations.
For certificates, https://hostname/host/ssl_crt.
4 In the direct console, use the Restart Management Agents operation to have the settings take effect.
5 Exit Maintenance Mode.

As I do not have much knowledge on this, I am not getting how to upload the certificate and key.

If anybody can tell about the above two procedures, I am very happy.

I TRIED THE ALTERNATIVE:

In the ESXi command shell there is a command, /sbin/generate-certificates.sh, which generates the cert.cnf on its own, works on its own, regenerates the certificate with the openssl command (the script executes the whole command sequence), and deletes the intermediate files after regeneration of the certificate is over.

Now I want the intermediate file cert.cnf (which is the same as openssl.cnf for generating the rui.csr file from the given rui.key).

In general this cert.cnf is used as -config "c:/openssl/ssl/openssl.cnf". Without this we cannot generate the rui.csr file.

But in the ESXi command shell this is an intermediate file from the generate-certificates.sh script.

Searching the internet, I got one answer, which is the way to get the cert.cnf:

1) Get into ESXi's ssh.

2) cp /sbin/create_certificates /tmp

3) cd /tmp ; vi create_certificates   # to extract the part that creates cert.cnf, then create cert.cnf

I did not get the 3rd step, so I am not able to do this.

If I am able to create the cert.cnf, then it is possible for me to generate the rui.csr file, from which in turn I can create the rui.crt file also.

The steps are given on the internet:

1) Generate the “rui.key” file:
# openssl genrsa -out /etc/ssl/private/rui.key 1024
2) Create the certificate signing request:
# openssl req -new -text -key /etc/ssl/private/rui.key -out /etc/ssl/rui.csr
3) Sign with your own CA.  (Or send the file off to your CA.):
# openssl x509 -req -text -days 7000 -in /etc/ssl/rui.csr -CA /etc/ssl/CA.crt \
-CAkey /etc/ssl/private/CA.key -out /etc/ssl/rui.crt
4) Set proper file permissions:
# chmod 0400 /etc/ssl/private/rui.key
# chmod 0444 /etc/ssl/rui.crt
5) Copy the files over to the ESXi host and delete the ones just created:
# scp /etc/ssl/rui.crt /etc/ssl/private/rui.key esxihost:/etc/vmware/ssl
# rm /etc/ssl/rui.crt /etc/ssl/rui.csr /etc/ssl/private/rui.key

The actual step for the 2nd step is:

openssl req -new -text -key /etc/ssl/private/rui.key -config "path of the cert.cnf" -out /etc/ssl/rui.csr

Then I can get out of the problem with the 2nd step. Later I will follow steps 3, 4 and 5.

Please give some suggestions on this.
0 Kudos
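
The post above asks how to obtain a cert.cnf to pass to `openssl req -config`. As an added example (not part of the original post, and not the file that ESXi's own script generates), the functions below write a minimal OpenSSL request config and build rui.key and rui.csr from it. The subject values, the hostname argument, the function names and the 2048-bit default are assumptions.

```shell
#!/bin/sh
# Added example: build a minimal cert.cnf and use it with `openssl req -config`.
# All subject values below are constructed placeholders, not ESXi defaults.

# write_cert_cnf FILE HOSTNAME: write a non-interactive request config.
write_cert_cnf() {
    cat > "$1" <<EOF
[ req ]
default_md         = sha256
prompt             = no
distinguished_name = req_dn
req_extensions     = v3_req

[ req_dn ]
countryName            = US
organizationName       = Example Lab
organizationalUnitName = Coursework
commonName             = $2

[ v3_req ]
subjectAltName = DNS:$2
EOF
}

# make_csr DIR HOSTNAME [BITS]: create cert.cnf, rui.key and rui.csr in DIR.
# BITS defaults to 2048 here (an assumption); the steps quoted in the post use 1024.
make_csr() {
    dir=$1; host=$2; bits=${3:-2048}
    write_cert_cnf "$dir/cert.cnf" "$host" || return 1
    # Create the private key with owner-only permissions from the start.
    ( umask 077 && openssl genrsa -out "$dir/rui.key" "$bits" 2>/dev/null ) || return 1
    openssl req -new -key "$dir/rui.key" -config "$dir/cert.cnf" \
        -out "$dir/rui.csr" || return 1
}

# csr_subject FILE: check the CSR's self-signature, then print its subject.
csr_subject() {
    openssl req -in "$1" -noout -verify >/dev/null 2>&1 || return 1
    openssl req -in "$1" -noout -subject -nameopt RFC2253
}

# csr_matches_key CSR KEY: succeed only if the CSR was made from KEY.
csr_matches_key() {
    a=$(openssl req -in "$1" -noout -pubkey | openssl sha256) || return 1
    b=$(openssl rsa -in "$2" -pubout 2>/dev/null | openssl sha256) || return 1
    [ "$a" = "$b" ]
}
```

Calling `make_csr /tmp/work esxi01.example.test` on an existing directory leaves cert.cnf, rui.key and rui.csr there; the CSR then goes through steps 3 to 5 quoted in the post.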
1 Reply
emma234
Contributor

Hi pratap533

In regards to your vifs command, I am going to update the link below, hoping that will help you.

http://pubs.vmware.com/vsphere-50/index.jsp?topic=%2Fcom.vmware.vcli.examples.doc_50%2Fcli_manage_fi...

"He Conquers, Who Conquers Himself".
0 Kudos