Replacing the ESXi Host Default Certificate with a CA-Signed Certificate
2016-07-26 09:55
When you install ESXi, a default certificate for the host is generated. This is a ‘self-signed’ certificate and as such will not be trusted by default in its communications with other systems. Because of this, in many environments, it is preferred that the default certificate is replaced with a trusted certificate from a CA (certificate authority). This could be a well-known external certificate authority or a trusted internal CA.
The process for replacing the default certificate on an ESXi host, documented here by VMware, is as follows:
1. Log into the ESXi host as a user with root privileges
2. Rename the existing certificates located in /etc/vmware/ssl
    mv rui.crt orig.rui.crt
    mv rui.key orig.rui.key
3. Copy the new certificate and key to /etc/vmware/ssl
4. Rename the two new files to rui.crt and rui.key using the ‘mv’ command
5. Restart the host, or the host's management agents
There are a couple of things to bear in mind with this:
- ESXi supports only X.509 certificates to encrypt session information sent over SSL
- If the Verify Certificates option is set then the host is likely to drop out of vCenter if the new cert is not verifiable by vCenter. In this case the host will have to be reconnected to vCenter.
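The steps above as a script, with a pre-check that the new key actually belongs to the new certificate before anything is renamed. This is an added example, not VMware's or the original author's code; the function names, the RSA-key assumption, the file modes and the optional directory argument are assumptions of this example, and it copies the new files straight to their final names instead of copying and then renaming.

```shell
#!/bin/sh
# Added example (not from the original article).
# Usage: install_host_cert NEW_CERT NEW_KEY [SSL_DIR]

# Succeeds only if $1 is a PEM X.509 certificate and $2 is the RSA private
# key it was issued for (assumption: RSA keys; compares the public modulus).
cert_matches_key() {
    cert_mod=$(openssl x509 -in "$1" -noout -modulus 2>/dev/null) || return 1
    key_mod=$(openssl rsa -in "$2" -noout -modulus 2>/dev/null) || return 1
    [ -n "$cert_mod" ] && [ "$cert_mod" = "$key_mod" ]
}

install_host_cert() {
    new_cert=$1
    new_key=$2
    ssl_dir=${3:-/etc/vmware/ssl}   # path from the article; override for a dry run

    # Refuse before touching anything if the pair is unusable.
    if ! cert_matches_key "$new_cert" "$new_key"; then
        echo "certificate and key do not match or are not valid PEM" >&2
        return 1
    fi
    # Never overwrite a backup left by an earlier run.
    if [ -e "$ssl_dir/orig.rui.crt" ] || [ -e "$ssl_dir/orig.rui.key" ]; then
        echo "backup already exists in $ssl_dir" >&2
        return 2
    fi

    # Step 2 of the article: rename the existing pair.
    mv "$ssl_dir/rui.crt" "$ssl_dir/orig.rui.crt" || return 3
    mv "$ssl_dir/rui.key" "$ssl_dir/orig.rui.key" || {
        mv "$ssl_dir/orig.rui.crt" "$ssl_dir/rui.crt"
        return 3
    }

    # Steps 3 and 4: place the new pair under the names the host expects.
    if cp "$new_cert" "$ssl_dir/rui.crt" && cp "$new_key" "$ssl_dir/rui.key"; then
        chmod 644 "$ssl_dir/rui.crt"
        chmod 400 "$ssl_dir/rui.key"   # assumption: key readable by root only
        return 0   # step 5 (restart host or management agents) is left to the operator
    fi

    # Copy failed part-way: put the original pair back.
    rm -f "$ssl_dir/rui.crt" "$ssl_dir/rui.key"
    mv "$ssl_dir/orig.rui.crt" "$ssl_dir/rui.crt"
    mv "$ssl_dir/orig.rui.key" "$ssl_dir/rui.key"
    return 4
}
```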
Useful Links and Resources
http://www.vmware.com/files/pdf/techpaper/vsp_51_vcserver_esxi_certificates.pdf
https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2015499