VMware Cloud Community
jeremywall
Contributor
Contributor

Failed - Cannot change the host configuration.

Hi all

Just a question regarding uploading a new SSL to ESXi host 6.5

Putting host into maintenance mode and going to manage, certificates, install SSL and pasting my SSL cert,

Failed - Cannot change the host configuration is received. Any ideas how to resolve? Regards.

Tags (1)
5 Replies
adgate
Enthusiast
Enthusiast

Check the VMware Knowledge Base article.

This thread also might be useful Cannot chage the Host Configuration

Reply
0 Kudos
parmarr
VMware Employee
VMware Employee

Reply
0 Kudos
jasondrake1978
Contributor
Contributor

1. Have your sysadmin generate .pfx and .cer files for the machine you need to update.

2. Download openssl win 64-bit https://www.cloudinsidr.com/content/how-to-install-the-most-recent-version-of-openssl-on-windows-10-...

3. Right click and run openssl as admin in C:\Program Files\OpenSSL-Win64\bin 

4. Get the key file by running the command: pkcs12 -in [yourfile.pfx] -nocerts -out [keyfile-encrypted.key]

5. Convert the key file to pem format by running the command: rsa -in [keyfile-encrypted.key] -outform PEM -out [keyfile-encrypted-pem.key]

6. Get the certificate out of the pfx by running the command: pkcs12 -in [yourfile.pfx] -clcerts -nokeys -out [certificate.crt]"

7. Add the newly created pem.key and .crt file in C:\Program Files\OpenSSL-Win64\bin, to the server you need to update via gui or winscp.

8. Go to the CMS SERVER

9. Put it into maintenance mode in the host area under actions

10. power off off all VM's

11. Enable SSL in the services tab

12. Exit lockdown mode in services

13. Use winscp and copy the pfx and crt files to the cd /etc/vmware/ssl directory

14. rename the old rui.crt and rui.key files so you have a copy

15. rename the crt and pfx files you uploaded to rui.crt and rui.key

16. reboot

WardUSA
Contributor
Contributor

Thanks @jasondrake1978.  This worked like a charm for me.

Reply
0 Kudos
CasedGoods
Contributor
Contributor

Just wanted to add my experience, @jasondrake1978's answer worked for me! Except, we have a paid wildcard certificate and all I had to do was replace the rui.crt and the rui.key files (backed them up of course) with the PEM format of my certificate and key files. Wasn't sure if it would work since mine was an RSA Private Key and the server's default just specified as a regular private key. But I rebooted my server, added the proper DNS scopes, and boom, VMware web GUI is SSL'd!

Reply
0 Kudos