Got a stand-alone ESXi 6.5 host (no vCenter) with a couple of live VMs on it. As of the last few weeks I haven't been able to access the Web UI at the example address of (https://192.168.1.2/ui/#/login ). The error message in IE is as shown in the following snippet:
I have followed a few guides including:
To disable TLS1.1 - ESXI TLS configuration - Super User
Anyone got any ideas? I feel like this is due to browsers increasing their security and only allowing certain protocols, but using the guide mentioned, my settings are here:
I'd be curious if the versions of Chrome are different between the patched and unpatched laptop. At least compare if that is what could be part of the equation.
On Chrome, you can hit F12 -> Security and see if the certificate details shed any further light.
Separately, can you check the certificate information for your ESXi host and verify the details meet the requirements on our Whitepapers? Requirements for ESXi Certificate Signing Requests
If it meets this, I am suspecting the browser may be the cause.
So I genuinely think it has to do with the newest versions of browsers not accepting certain TLS settings from sites. Understandable, but before I start pissing around with certs for a single host I thought I'd ask if anyone else had seen it, if there was a workaround, and if it was a known issue.
On Chrome F12, see the below snippet. It doesn't let me click on much for it - and the 'all green' makes me giggle when it doesn't trust the page.
Yes, and that is the reason why you get this message. If you do a plain vanilla install, VMware ESXi uses certificates signed by an internal CA. You have to import the root certificate of this CA as trusted root into your browsers to avoid error messages. Another option would be to install custom third party certificates from Verisign or another certificate provider.
So, I see your logic. The cert should be fine.
So I decided to renew the cert - because perhaps it became corrupted. I followed the below guide and it had no impact:
My next step will be to create a new cert and import it using SCP, as in the below guide - but I don't see how that would be any different:
I used WinSCP to download the rui.cert to my local machine and install it. I still get this error (please note the updated date of the self-signed cert). As you can see, it has all the required properties, or am I missing something?
Still not liking it. Is my only option to set up a CA and go that way?
Set up my AD domain to have a CA - downloaded the CA using this guide:
Installed that cert to my ESXi host to the location /etc/vmware/ssl and guess what - still got the same error in Chrome. This isn't a cert issue: