VMware Cloud Community
acefire
Contributor

vCenter appliance 6.7U3b ESXi hosts certificates

Good morning.

I have recently installed a brand new vCenter appliance, version 6.7U3b.

Then I replaced the default vcma certificate and solutions certificates with my Microsoft CA signed certificates.

Everything works as expected and I can connect to my vcma from my browser as a secure connection.

But when I connect my ESXi hosts to this vcma they receive a certificate which belongs to VMware, and when I connect to them directly I receive a warning from the browser that I am connecting to an untrusted site, even when I update and refresh the certificates from the web client and HTML5 client.

Is this the right behaviour? Should I take care of replacing by hand every certificate installed in the ESXi hosts, or is there something I am missing in the configuration of the vcma?

Thank you in advance

Kind regards

Andrea

0 Kudos
4 Replies
Alex_Romeo
Leadership

Hi,

Yes, it is correct; you have to download the certificate from the main page of ESXi and install it on your computer. After this operation, the warning no longer appears.

ARomeo

Blog: https://www.aleadmin.it/
0 Kudos
acefire
Contributor

Thank you very much.

Kind regards

0 Kudos
Alex_Romeo
Leadership

Hi,

Did you solve it?

Br,

Blog: https://www.aleadmin.it/
0 Kudos
noroutine
Contributor

Hi

After you have regenerated the certificates on vCenter, you can simply renew the certificates on the hosts by right-clicking the host in vCenter. You might want to push the CA certificates to the host beforehand as well, from the same menu.

Don't do this in production without due care, as it does involve, among other things, a short time when the host is disconnected, so it may trigger things you don't want to trigger. My advice is to vMotion all VMs off the host before performing the task.

Host should not be in maintenance mode https://kb.vmware.com/s/article/68045

Hope this helps

P.S. It's not clear if you replaced the root VMCA or just installed 3rd-party signed certificates for machine/solutions. My recipe will work for the former. For the latter you will need to manually install 3rd-party signed certificates on each ESXi host.

0 Kudos
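
The distinction drawn in the P.S. above, as an added example that is not part of the thread or of VMware's tooling: a host certificate issued by a VMCA root is rejected by a client that trusts only the enterprise CA, and accepted by one that trusts the VMCA root. Both CAs, the host name and all files are constructed stand-ins generated locally with `openssl`.

```bash
#!/bin/sh
# Added example: every CA, key and certificate is constructed locally.
# "Constructed VMCA", "Constructed Corp CA" and esxi01.example.test are stand-ins.
set -eu
WORK=$(mktemp -d)

# Minimal config so the CA certificates do not depend on the system openssl.cnf.
cat > "$WORK/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
[dn]
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF

# make_ca FILE_STEM COMMON_NAME: create a self-signed root CA.
make_ca() {
  openssl req -x509 -config "$WORK/ca.cnf" -newkey rsa:2048 -nodes -days 2 \
    -subj "/CN=$2" -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# issue_host CA_STEM HOST_STEM COMMON_NAME: sign a host certificate with that CA.
issue_host() {
  openssl req -new -config "$WORK/ca.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=$3" -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$2.csr" -CA "$WORK/$1.pem" -CAkey "$WORK/$1.key" \
    -set_serial 1 -days 2 -out "$WORK/$2.pem" 2>/dev/null
}

# issuer_of CERT: print the issuer DN, i.e. which CA signed the host certificate.
issuer_of() { openssl x509 -in "$1" -noout -issuer -nameopt RFC2253; }

# host_cert_status CERT TRUSTED_ROOT: what a client trusting only that root decides.
host_cert_status() {
  if openssl verify -CAfile "$2" "$1" >/dev/null 2>&1; then
    echo trusted
  else
    echo untrusted
  fi
}

make_ca vmca "Constructed VMCA"
make_ca corp "Constructed Corp CA"
issue_host vmca esxi "esxi01.example.test"   # host cert as issued by the VMCA stand-in
issuer_of "$WORK/esxi.pem"
echo "client trusting corp CA only: $(host_cert_status "$WORK/esxi.pem" "$WORK/corp.pem")"
echo "client trusting VMCA root:    $(host_cert_status "$WORK/esxi.pem" "$WORK/vmca.pem")"
```

To run the same check against a real host, save its certificate with `openssl s_client -connect <host>:443 </dev/null | openssl x509 -out host.pem` and pass that file, together with your CA bundle, to `host_cert_status`.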