I've installed an ESXi evaluation and stumbled upon a bug. Reported it to @vmwarecares on Twitter and they've told me to report it here. This isn't a question, but merely a bug report to the development department. I couldn't submit this through the support page, as evaluations aren't listed (it requires to select a product, but there are none for that reason).
Product: VMware ESXi Version: 6.5.0 (Build 5224529) - Image profile: ESXi-6.5.0-4564106-standard (VMware, Inc.)
Category: BUG
Behaviour: When an invalid SSL certificate is uploaded through the vSphere web client, it's refused but applied nevertheless, crashing any and all of the management daemons.
Expected behaviour: When an invalid SSL certificate is uploaded through the vSphere web client, vSphere web client throws an error.
Steps to reproduce:
Steps to diagnose:
Steps to fix:
Hello,
Thank you for your post.
I am experiencing the same issue on ESXi 6.7 Lenovo Image (https://my.vmware.com/group/vmware/details?downloadGroup=OEM-ESXI67U1-LENOVO&productId=742)
SSH and ESXi Shell (over KVM) are by default disabled so I'm afraid I'll have to reinstall ESXi from scratch, that is quite a nasty bug and a waste of time.
I'll post another reply, if I find a way to restore the default certificate.
I forgot ESXi Shell and SSH can be enabled from the ESXi console: No need to reinstall ESXi
Enable SSH from the console and proceed as instructed in the first post to fix the Web Management.
Then follow VMware Knowledge Base (KB / Article 2113926) to install CA signed certificate or sensibly:
- move Base64 or PEM public certificate/key (rui.cer)
- and PKCS8 Private key (rui.key) to /etc/vmware/ssl/
- then restart management (services.sh restart) or ESXi
OMG thank u so much - this was so helpful
i put a bad certificate in there and i couldn't access the management interfaces -
So to recap - /sbin/generate-certificates will refresh it back to the old certificates and then the services.sh restart will restart the services correct?
Thanks again!