Reset / Revert the SSL certificate back to the def...

NeenaJim · ‎03-09-2021

Hello,

Almost 3 weeks before we have installed custom certificates to our all ESXi hosts (6.7). But now we see some issues with the VMs and suspecting because of SSL. Here the requirement is revert it back to default SSL cert for couple of ESXi hosts (50+).

I have the ESXi hosts names saved in the notepad located in : D:\ESX\name.txt

Is there any easy way we can connect (SSH) all the ESXi hosts in the notepad and choose the option 8 to reset all certificates ?

I am novice in scripting.

LucD · ‎03-09-2021

You can use the Posh-SSH module to connect to each ESXi node.
In a Foreach loop read the .txt file (Get-Content), and for each ESXi node connect via SSH. See for example Use Posh-SSH instead of PuTTY

Optionally you can make a backup of the current certificate.

Then run the /sbin/generate-certificates command on the ESXi node.

Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference

LucD · ‎03-09-2021

Something like this for example.
It assumes all ESXi nodes use the same root password.

$user = 'root'
$pswd = 'VMware1!'
$cred = New-Object -TypeName PSCredential -ArgumentList $user,(ConvertTo-SecureString -String $pswd -AsPlainText -Force)

$cmdSub = '/sbin/generate-certificates'

Get-Content -Path .\esxnames.txt -PipelineVariable row |
ForEach-Object -Process {
    $session = New-SSHSession -ComputerName $row -Credential $cred –AcceptKey
    $result = Invoke-SSHCommand -SSHSession $session -Command $cmdSub 
    Remove-SSHSession -SSHSession $session | Out-Null 
}

Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference

All

Reset / Revert the SSL certificate back to the default one