Hi all
Just a question regarding uploading a new SSL to ESXi host 6.5
Putting host into maintenance mode and going to manage, certificates, install SSL and pasting my SSL cert,
Failed - Cannot change the host configuration is received. Any ideas how to resolve? Regards.
Check the VMware Knowledge Base article.
This thread also might be useful Cannot chage the Host Configuration
Please check: Adding datastore to an ESXi host fails with the error :The 'Create VMFS datastore' operation failed ...
1. Have your sysadmin generate .pfx and .cer files for the machine you need to update.
2. Download openssl win 64-bit https://www.cloudinsidr.com/content/how-to-install-the-most-recent-version-of-openssl-on-windows-10-...
3. Right click and run openssl as admin in C:\Program Files\OpenSSL-Win64\bin
4. Get the key file by running the command: pkcs12 -in [yourfile.pfx] -nocerts -out [keyfile-encrypted.key]
5. Convert the key file to pem format by running the command: rsa -in [keyfile-encrypted.key] -outform PEM -out [keyfile-encrypted-pem.key]
6. Get the certificate out of the pfx by running the command: pkcs12 -in [yourfile.pfx] -clcerts -nokeys -out [certificate.crt]"
7. Add the newly created pem.key and .crt file in C:\Program Files\OpenSSL-Win64\bin, to the server you need to update via gui or winscp.
8. Go to the CMS SERVER
9. Put it into maintenance mode in the host area under actions
10. power off off all VM's
11. Enable SSL in the services tab
12. Exit lockdown mode in services
13. Use winscp and copy the pfx and crt files to the cd /etc/vmware/ssl directory
14. rename the old rui.crt and rui.key files so you have a copy
15. rename the crt and pfx files you uploaded to rui.crt and rui.key
16. reboot
Thanks @jasondrake1978. This worked like a charm for me.
Just wanted to add my experience, @jasondrake1978's answer worked for me! Except, we have a paid wildcard certificate and all I had to do was replace the rui.crt and the rui.key files (backed them up of course) with the PEM format of my certificate and key files. Wasn't sure if it would work since mine was an RSA Private Key and the server's default just specified as a regular private key. But I rebooted my server, added the proper DNS scopes, and boom, VMware web GUI is SSL'd!