NeenaJim
Contributor

Reset / Revert the SSL certificate back to the default one

Hello,

Almost 3 weeks ago we installed custom certificates on all our ESXi hosts (6.7). But now we see some issues with the VMs and suspect they are because of SSL. The requirement here is to revert back to the default SSL cert for a couple of ESXi hosts (50+).

I have the ESXi host names saved in a Notepad file located at: D:\ESX\name.txt

Is there any easy way we can connect (SSH) to all the ESXi hosts in the Notepad file and choose option 8 to reset all certificates?

I am a novice in scripting.

 


 

0 Kudos
2 Replies
LucD
Leadership

You can use the Posh-SSH module to connect to each ESXi node.
In a Foreach loop read the .txt file (Get-Content), and for each ESXi node connect via SSH. See for example "Use Posh-SSH instead of PuTTY".

Optionally you can make a backup of the current certificate.

Then run the /sbin/generate-certificates command on the ESXi node.


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

0 Kudos
LucD
Leadership

Something like this for example.
It assumes all ESXi nodes use the same root password.

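# Requires the Posh-SSH module (Install-Module Posh-SSH)
Import-Module Posh-SSH

# Same root account on every ESXi node
$user = 'root'
$pswd = 'VMware1!'
$cred = New-Object -TypeName PSCredential -ArgumentList $user,(ConvertTo-SecureString -String $pswd -AsPlainText -Force)

# Command that is run on each ESXi node
$cmdSub = '/sbin/generate-certificates'

# One ESXi host name per line in the text file
Get-Content -Path .\esxnames.txt -PipelineVariable row |
ForEach-Object -Process {
    # -AcceptKey trusts the host's SSH key without prompting
    $session = New-SSHSession -ComputerName $row -Credential $cred -AcceptKey
    $result = Invoke-SSHCommand -SSHSession $session -Command $cmdSub
    Remove-SSHSession -SSHSession $session | Out-Null
}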


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

0 Kudos
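
A check to run before and after the reset, as an added example that is not part of the original thread: it reads the certificate each host in the list presents over TLS so the two runs can be compared by thumbprint and validity dates. The function name Get-RemoteTlsCertificate is hypothetical, and TCP 443 with TLS 1.2 is an assumption about the hosts.

```powershell
# Added example (not from the thread). Reports the certificate a host presents.
# Assumptions: HTTPS on TCP 443, TLS 1.2 accepted, one host name per line.
function Get-RemoteTlsCertificate {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string]$ComputerName,
        [int]$Port = 443,
        [int]$TimeoutMs = 5000
    )
    process {
        # Same properties for success and failure so CSV/table output stays aligned
        $row = [ordered]@{ Host = $ComputerName; Subject = $null; Issuer = $null
            SelfSigned = $null; NotBefore = $null; NotAfter = $null
            Thumbprint = $null; Error = $null }
        $client = New-Object System.Net.Sockets.TcpClient
        $ssl = $null
        try {
            if (-not $client.ConnectAsync($ComputerName, $Port).Wait($TimeoutMs)) {
                throw "TCP connect to port $Port timed out"
            }
            # Inspection only: accept whatever certificate is presented and
            # send no data, so an untrusted self-signed cert can still be read.
            $accept = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
            $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $accept)
            $tls12 = [System.Security.Authentication.SslProtocols]::Tls12
            $ssl.AuthenticateAsClient($ComputerName, $null, $tls12, $false)
            $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
            $row.Subject    = $cert.Subject
            $row.Issuer     = $cert.Issuer
            $row.SelfSigned = ($cert.Subject -eq $cert.Issuer)  # simple heuristic
            $row.NotBefore  = $cert.NotBefore
            $row.NotAfter   = $cert.NotAfter
            $row.Thumbprint = $cert.Thumbprint
        }
        catch { $row.Error = $_.Exception.Message }
        finally {
            if ($ssl) { $ssl.Dispose() }
            $client.Close()
        }
        [pscustomobject]$row
    }
}

# Usage: save one report before the reset and one after, then compare.
# Get-Content -Path .\esxnames.txt | Get-RemoteTlsCertificate |
#     Export-Csv -Path .\certs-before.csv -NoTypeInformation
```

A host whose Thumbprint and NotBefore are unchanged between the two reports is still presenting the old certificate.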