VMware Cloud Community
nick_nem
Contributor
Contributor

ESXi certificate renewal

Hello!

I need to change my SSL certificate on ESXi server, I managed to generate certificate request via ESXi web client, but I can't understand what certificate authority should I use to generate certificate itself.

ESXi hoster refused my support ticked: "Your request is out of the assistance perimeter, I invite you to check on the esxi forums or tutorials esxi."

 

Could you please assist me?

Thanks

Reply
0 Kudos
10 Replies
ashilkrishnan
VMware Employee
VMware Employee

Hi @nick_nem ,

What is the version of ESXi host? Support might have refused if your ESXi version is end of support life.

If you are trying to assign a certificate from certificate authority, you need to provide the certificate request files to your CA to get the certificates.

If you are trying to regenerate default VMware certificates, please refer these documents:

For 5.5 -->  Generate New Self-Signed Certificates for ESXi 

For 6.0 --> Renew or Refresh ESXi Certificates 

Hope that helps

Please mark my comment as the Correct Answer/Kudos if this solution resolved your problem

Reply
0 Kudos
nick_nem
Contributor
Contributor

Hello, @ashilkrishnan , thank you for your answer!

ESXi server version is 6.5

I am trying to assign a certificate from authority. I generated the certificate request via web client:

nick_nem_1-1612118344446.png

 

and got request file data. The problem is that I have no idea which authority I should contact, it is not mentioned anywhere. How can I get authority contacts?

 

Reply
0 Kudos
nettech1
Expert
Expert

Do you have a CA in your environment or you want to renew a self-signed cert on your esxi with a self-signed cert. 

a picture of the expired or expiring cert would be helpful 

Reply
0 Kudos
ashilkrishnan
VMware Employee
VMware Employee

@nick_nem ,

If you are using 3rd party CA, then your management should be aware of it. Checking the certificate properties from browser might help in identifying the CA.

Tags (1)
Reply
0 Kudos
nick_nem
Contributor
Contributor

The issuer of my currect cert is VMware installer:

nick_nem_0-1612161351427.png

 

Reply
0 Kudos
nettech1
Expert
Expert

What is the reasoning for replacing the cert? 

Do you have an internal CA that can issue a certificate for the request you created?

 

Reply
0 Kudos
nick_nem
Contributor
Contributor

The reason is that my browser does not accept this certificate due to invalid domain and I want to re-create it. I guess it was issued automatically by my hoster.

I do not have an internal CA.

Reply
0 Kudos
nettech1
Expert
Expert

if you don't have an internal CA, you would have to use the esxi CA to generate a new cert. 

you would also have to add the esxi CA to your trusted root CA on the computer you are accessing the esxi from

Do you have a vCenter or it's a small deployment with a  single host ?

Reply
0 Kudos
nettech1
Expert
Expert

Reply
0 Kudos
nick_nem
Contributor
Contributor

No, I don't have vCenter. Thak you for the link, I appreciate your help!

Reply
0 Kudos