Updating an SSL Certificate for an ESXI Host Prese...

ThomasFE · ‎03-12-2021

Hello,

I put my host in maintenance mode on vcenter, then I applied a company signed certificate. On the host I can clearly see that the new valid certificate has been taken into account.
I also did a Restart Management Agents.
In VCenter, I see my host in a "no response" state. And if I want to reconnect my host, it forces me to use a VMware certificate and overwrite my signed certificate.
On Vcenter, I modified the vpxd.certmgmt.mode parameter by putting custom. But it will not add my host with the signed certificate. Thanks for your help. Regards,

harry89 · ‎03-12-2021

Is this environment used for view (VDI) machines

Harry
VCIX-DCV6.5 ,VCIX-NV6 , VCAP-CMA7
Mark answer as correct/helpful if it solves your query

Lalegre · ‎03-13-2021

Hello @ThomasFE,

The first step you need to follow is change the vpxd.certmgmt.mode of vCenter to custom. From there you will need to restart the vCenter Server for the changes to get applied.

Once vCenter is back you can go ahead and replace the rui.key and rui.crt files from inside the ESXi and join it to the Cluster.

You also need to make sure that the CA certificate is added to the TRUSTED_ROOTS certificate store in vCenter Server. Follow the next document for doing those steps: https://docs.vmware.com/en/VMware-vSphere/6.5/com.vmware.psc.doc/GUID-B635BDD9-4F8A-4FD8-A4FE-752627...

All

Updating an SSL Certificate for an ESXI Host Present in VMware

thomas.ferte@accor.com