ESXi 7u2 to 8u2 upgrade ad rui.crt is incompatible

athompson88 · ‎10-25-2023

I decided to upgrade my home ESXi server and got the following error.

[HardwareError]
Hardware precheck of profile ESXi-8.0U2-22380479-standard failed with errors: <SHA1_CERT ERROR: SHA-1 signature found in host certificate rui.crt with subject /C=US/ST=California/L=Palo Alto/O=VMware/Inc/OU=VMware ESX Server Default Certificate/emailAddress=ssl-certificates@vmware.com/CN=localhost.<redacted>.net/unstructuredName=1406949521,564d7761726520496e632e. Support for certificates with weak signature algorithm SHA-1 has been removed in ESXi 8.0. To proceed with upgrade, replace it with a SHA-2 signature based certificate. Refer to release notes and KB 89424 for more details.>
Please refer to the log file for more details.

I did check that note, but I'm a lightweight when it comes to certificates. I assume this is the certificate that was generated as part of my original installation all the way back in 2014. When I went under Security and Users -> Certificates, there's only one shown and Issuer is "O=VMware Installer".

So how do I go about safely overcoming this so I can upgrade?

jsm79 · ‎10-26-2023

Try the steps in this article: Upgrading vCenter Server or ESXi 8.0 fails during precheck due to a weak certificate signature algorithm (89424)

https://kb.vmware.com/s/article/89424

Let us know if you run into any snags.

athompson88 · ‎10-26-2023

That article wasn't remedial enough for me. However I found a website that got me past the error, but then I hit yet another snag after the upgrade, and opened this topic with way more details.

https://communities.vmware.com/t5/ESXi-Discussions/After-upgrade-from-7-to-8-x509-certificate-routin...

Fortunately I was able to roll back successfully to prior to any work I'd done, so the host is live and working, but back at 7u2.

All

ESXi 7u2 to 8u2 upgrade ad rui.crt is incompatible