VMware Cloud Community
weijieroyce
Contributor
Contributor

Unable to access web interface of ESXI server 6.5

Unable to access ESXI 6.5 web interface. It shows that the site is unreachable.

Unable to execute command from shell as well. Received error

IO error: [Errno 111] Connection Refused.

Picture.jpg

All of these happened after trying to import an SSL cert into ESXI. Any idea what is happening or how to fix it? Tried rebooting but issue still persist.

Tags (2)
5 Replies
IT_pilot
Expert
Expert

Is the host successfully added to the vCenter?

Error only when using ESXi Embedded Host Client?

http://it-pilot.ru
Reply
0 Kudos
weijieroyce
Contributor
Contributor

Hi IT_pilot,


Thanks for the reply. I have managed to solve this issue.

Is the host successfully added to the vCenter?

I did not use vCenter. I access the web interface via the ip address of ESXi Server 6.5. However, i wasn't able to connect to it because I messed up the configuration for SSL certification while generating SAN SSL certificate and importing it into ESXi. I went into the console, navigated to /etc/vmare/ssl and removed the existing rui.key and rui.crt file and generated new ssl certificates in /sbin/generate-certificates. Did a reboot on my ESXi and im able to access via ip address again.

miyamotosan
Contributor
Contributor

Wow, thanks for this.  I forgot that I was in the middle of replacing my self signed certs.  Finishing the process worked for me.  UNfortunately regenerating the sefl signed with the /sbin/generate-certificates did not work for me.  Im on 7.03U3.  

Services.sh restart worked for me vice a host reboot. ymmv

Reply
0 Kudos
ml6
Contributor
Contributor

I'am on 7.0U3e. But that doesn't matter: New SAN Certs (replacing the rui's), reboot and no vSpehre Client, no esxcli. Only ssh login works. The reason: DO NOT encrypt the cert key witch password! For example using easy-rsa with "nopass" cmd-opt.

Reply
0 Kudos
miyamotosan
Contributor
Contributor

MI6, Are you asking a question?  Try the below KB article for custom certs on your host.  If you need Subj Alt Names then use the below conf file.

https://kb.vmware.com/s/article/2015387

 

NOTE on changing the file below...only edit the DNS.1 and IP.1.  Leave the rest as is.

[req]
default_bits = 4096
default_md = sha256
default_keyfile = rui.key
distinguished_name = req_distinguished_name
encrypt_key = no
prompt = no
string_mask = nombstr
req_extensions = v3_req
[req_distinguished_name]
C = US
ST = HI
L= City
O = Org
OU = OrgUnit
CN = FQDN
[v3_req]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth, clientAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = hostname.mil
IP.1 = 192.168.100.1

Tags (1)
Reply
0 Kudos