I have all esxi on vcenter show "ESXi Host Certificate Status", I checked will expire in 2 weeks, I found KB for this issue
So I just need to confirm on each esxi on vcenter i need to go to esxi---configure---certificate then do renew then do refresh, or renew option enough?
Do i need to change any thing before that or above steps enough?
VMware use standard X.509 version 3 certificates to encrypt session information sent over Secure Socket Layer protocol connections between the client and the server. If you want to replace default certificates for vCenter Server and ESXi , the certificates you obtain for your servers must be signed and must conform to the Privacy Enhanced Mail (PEM) key format. The key used to sign certificates must be a standard RSA key with an encryption length that ranges from 512 to 4,096 bits. The recommended length is 2,048 bits.
Hi
I shared KB to renew the certificate, could you please check if I can do that, I see you explain more details, I do not want to replace certificate, my current certificate will expire in 2 weeks, so can i use steps on KB to refresh? my certificate mode is VCMA
Correct - just do the renew part (unless your VCSA certs (MACHINE_SSL_CERT and Trusted_Root) are expiring as well, not just the ESXi hosts)
Thanks for sharing.
Thanks for your input;
Could you please help me how I can check/verify (MACHINE_SSL_CERT and Trusted_Root) expiration date ?