VMware Cloud Community
crlf
Contributor

Regenerate certificate on ESXi?

Hi,

I installed ESXi 3.5 and during the installation it generated an SSL certificate associated with the hostname that the box obtained from DHCP. I've changed the hostname to something definitive and now I need to regenerate the certificate, how can I do this?

Any help will be appreciated. Thanks.

0 Kudos
13 Replies
crlf
Contributor

BTW, I have the VMware CLI appliance running on the host, is there a command to do this?

0 Kudos
Dave_Mishchenko
Immortal

You generate a certificate to use (x509 format) and then copy it to the host with the RCLI - then restart the host (or you could just try to restart the management services first).

vifs.pl --server= --put c:\ssl_cert /host/ssl_cert

0 Kudos
Jasemccarty
Immortal

Well, I was fooling around, and tried a different method. Pretty sure I broke it.

Now when I try your method, I get:

C:\Program Files\VMware\VMware VI Remote CLI\bin>vifs.pl --server=x.x.x.x --put certificate.crt /host/ssl_cert

Enter username: root

Enter password:

Error connecting to server at 'https://x.x.x.x/sdk/webService': Perhaps host is not a Virtual Center or ESX server

Actually, I can't login remotely as a result of my fooling around. Any suggestions?

Jase McCarty

http://www.jasemccarty.com

Co-Author of VMware ESX Essentials in the Virtual Data Center

(ISBN:1420070274) from Auerbach

Jase McCarty - @jasemccarty
0 Kudos
DSTAVERT
Immortal

If you access the console (ALT+F1) you can regenerate the certificate.

Edit the hosts file to suit

# vi /etc/hosts

and add the IP and server name to the hosts file

127.0.0.1 localhost.localdomain localhost

192.168.1.10 vm1.domainame.com

Run the create_certificate utility to generate a new ssl certificate.

#create_certificates

The server will need to be restarted before it takes effect.

If someone could confirm this it would be helpful.

-- David -- VMware Communities Moderator
0 Kudos
crlf
Contributor

That solution does not work for ESXi, since it doesn't have an actual console (only a menu where the network settings and root password can be configured).

0 Kudos
DSTAVERT
Immortal

Have a look at http://www.vm-help.com/esx/esx3i/ESXi_enable_SSH.php You will find that you can get a console. You can even do this through an SSH connection. I am reasonably sure the above procedure does work.

-- David -- VMware Communities Moderator
0 Kudos
Dave_Mishchenko
Immortal

The create_certificates will recreate the self-signed cert for the host. You can also copy a replacement cert / private key if you want to use a certificate generated by a CA - http://www.vm-help.com/esx/esx3i/change_name_and_cert.php.

0 Kudos
DenisM
Contributor

I've found a way to use ESXi's openssl to get certificate from win2003 CA.

1) Get into ESXi's ssh.

2) cp /sbin/create_certificates /tmp

3) cd /tmp ; vi create_certificates # to extract the part that creates cert.cnf, then create cert.cnf

4) openssl req -newkey rsa:1024 -keyout rui.key -out rui.csr -config cert.cnf

5) Copy rui.csr to local disk via clipboard.

On CA host:

6) certreq -submit -attrib "CertificateTemplate:WebServer" rui.csr

7) If your CA issues certs automatically, save the certificate to rui.crt

- else -

certreq -retrieve rui.crt

(I use certreq 'cause my CA Web Services doesn't offer WebServer template.)

8) Copy rui.key and rui.crt to /etc/vmware/ssl

9) Reboot ESXi.

0 Kudos
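The procedure in the post above, with a verification step before the files are copied in step 8, as an added example that is not part of the thread. The host name vm1.example.test, the scratch directory, the minimal cert.cnf and the self-signing stand-in for the CA are assumptions; the 2048-bit key is this example's choice where the post uses rsa:1024.

```shell
#!/bin/sh
# Added example, not from the thread. vm1.example.test is a constructed name.

make_csr() {    # make_csr <fqdn> <dir>: writes cert.cnf, rui.key, rui.csr
    mkdir -p "$2" || return 1
    cat > "$2/cert.cnf" <<EOF
[ req ]
prompt = no
encrypt_key = no
distinguished_name = dn
[ dn ]
CN = $1
EOF
    ( umask 077 && cd "$2" && openssl req -newkey rsa:2048 \
        -keyout rui.key -out rui.csr -config cert.cnf ) 2>/dev/null
}

# Stand-in for the CA in steps 6-7 (assumption), so the check runs offline.
stand_in_sign() {    # stand_in_sign <dir>: writes rui.crt
    openssl x509 -req -in "$1/rui.csr" -signkey "$1/rui.key" -days 1 \
        -out "$1/rui.crt" 2>/dev/null
}

cert_cn() {    # print the subject CN of a certificate
    openssl x509 -noout -subject -nameopt RFC2253 -in "$1" |
        sed 's/^subject= *//' | tr ',' '\n' | sed -n 's/^CN=//p' | head -n 1
}

# Succeeds only if rui.key and rui.crt share a modulus and the CN is <fqdn>.
check_pair() {    # check_pair <dir> <fqdn>
    k=$(openssl rsa -noout -modulus -in "$1/rui.key" 2>/dev/null) || return 1
    c=$(openssl x509 -noout -modulus -in "$1/rui.crt" 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ] || { echo "key/cert mismatch" >&2; return 1; }
    [ "$(cert_cn "$1/rui.crt")" = "$2" ] || { echo "CN is not $2" >&2; return 1; }
}

demo() {    # run the whole flow in a scratch directory
    d=$(mktemp -d) || return 1
    make_csr vm1.example.test "$d" && stand_in_sign "$d" &&
        check_pair "$d" vm1.example.test && echo "OK: safe to copy to /etc/vmware/ssl"
    rc=$?
    rm -rf "$d"
    return $rc
}
demo
```

With a real CA, skip stand_in_sign and run check_pair against the directory holding the issued rui.crt before copying anything over the host's existing files.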
sysjno
Contributor

There is no "create-certificates" command:

~ # uname -a

VMkernel vm1 3.5.0 #1 SMP Release build-123629 Oct 15 2008 21:03:57 i686 unknown

~ # create-certificates

bash: create-certificates: not found

Is it necessary to do this with openssl? Or has something changed in the newest release?

0 Kudos
christianZ
Champion

Use the full path and "create_certificates" (underline)

0 Kudos
Vivek7
Contributor

I am trying to upgrade the SSL certificate on ESXi 3.5.0 build 163429. The steps you have mentioned will be very useful. Can you please tell me how to create a new 128 bit SSL encryption certificate.

Thanks In Advance

0 Kudos
pratap533
Contributor

Hi,

I am regenerating the certificate using the VMware shell.

You have given the steps for doing this.

I just want to get the certificate by something beyond the generate-certificates.sh command (this command directly generates the certificate).

What I want is to make my own certificates with some options specified, at least changing the key length.

I tried modifying generate-certificates.sh

cp generate-certificates.sh /tmp

cd tmp

vi generate-certificates.sh

and tried to change the bit length to 1024. But on exiting, it does not allow me to make changes to that file.

I just want to generate the rui.crt file (with the rui.key and rui.csr files) and make my own certificate, so that I can show the professor that I have made some changes to the file.

In your steps here,

1) Get into ESXi's ssh.

2) cp /sbin/create_certificates /tmp

3) cd /tmp ; vi create_certificates   # to extract the part that creates cert.cnf, then create cert.cnf

4) openssl req -newkey rsa:1024 -keyout rui.key -out rui.csr -config cert.cnf

5) Copy rui.csr to local disk via clipboard.

On CA host:

6) certreq -submit -attrib "CertificateTemplate:WebServer" rui.csr

7) If your CA issues certs automatically, save the certificate to rui.crt

- else -

certreq -retrieve  rui.crt

(I use certreq 'cause my CA Web Services doesn't offer WebServer template.)

8) Copy rui.key and rui.crt to /etc/vmware/ssl

9) Reboot ESXi.

I am unable to follow steps 3, 5 and 7, as I have no knowledge of cert.cnf or of ESXi operations and terminology.

With this my project will be over.

Please guide me with this task.

Thank you.

0 Kudos
pratap533
Contributor

As I do not know much about VMware ESXi, I also followed the steps of the document below.

I am using ESXi 4.1.

http://blogs.freebsdish.org/tmclaugh/2009/02/17/some-vmware-esxi-post-install-notes/

But here it needs openssl.cnf, and that is not there in the ESXi shell.

I just want the part from the ESXi shell where you mentioned cert.cnf, which is equivalent to openssl.cnf (because we also need an x509 certificate; I am not sure from where to where to copy, or how to copy, in ESXi),

so that I can follow the remaining steps of the document.

I installed ESXi on VMware Workstation.

When I run vmfs.pl commands, those are also not working.

The vSphere Client is also not giving me the right direction (maybe because I am not in touch with it).

Please help me.

Thank you.

0 Kudos