Install/Renew SSL cert on ESXi

To extract the certificate (public key) and the private key from the .pfx file, use openssl with the following commands:

Step 1. openssl pkcs12 -in xxxx.pfx -out rui.crt -nokeys -clcerts

Step 2. openssl pkcs12 -in xxxx.pfx -nocerts -out privatekey.pem

Step 3. openssl rsa -in privatekey.pem -out rui.key

Install vCenter CLI

Install using default configuration on the vCenter server.

NB: The source files are located on the media kit.

Disable Lockdown Mode

a) Select Host 1 from the vCenter console and click the “Configuration” tab.
b) In the “Software” menu on the configuration sheet select “Security Profile”.
c) Click “Edit” to change the Lockdown Mode setting.
d) Untick “Enable Lockdown Mode”.

Verify the private and public key match.

a) openssl x509 -noout -modulus -in rui.crt | openssl md5
b) openssl rsa -noout -modulus -in rui.key | openssl md5

The md5 hashes returned from each of the above commands should match.
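The same check as a script, added here as an example that is not part of the original post. It goes a little further than the modulus comparison: it compares the full public keys (so it also works for non-RSA keys), rejects a key that is still passphrase-protected, and checks the expiry date. The function name `check_esxi_pair`, its return codes and the 30-day default are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: pre-upload check for the rui.crt / rui.key pair.
# check_esxi_pair and its return codes are hypothetical names for this sketch.
#
# Return codes: 0 = pair is usable, 1 = certificate and key do not match,
#               2 = key unreadable (still passphrase-protected or malformed),
#               3 = certificate unreadable, 4 = certificate expires too soon.
check_esxi_pair() {
    cert=$1; key=$2; min_days=${3:-30}

    # Public key as recorded inside the certificate (SubjectPublicKeyInfo, PEM).
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || {
        echo "cannot parse certificate: $cert" >&2; return 3; }

    # Public key derived from the private key. "-passin pass:" supplies an
    # empty passphrase, so a key that skipped Step 3 fails instead of prompting.
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) || {
        echo "cannot read key (encrypted or malformed): $key" >&2; return 2; }

    # Comparing whole public keys works for RSA and EC alike and avoids MD5.
    [ "$cert_pub" = "$key_pub" ] || {
        echo "MISMATCH: $key is not the private key for $cert" >&2; return 1; }

    # -checkend exits non-zero if the certificate expires within N seconds.
    openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null || {
        echo "certificate expires within $min_days days: $cert" >&2; return 4; }

    echo "OK: $cert and $key match; valid for more than $min_days days"
}

# Usage: sh check_pair.sh rui.crt rui.key [min_days]
if [ "$#" -ge 2 ]; then check_esxi_pair "$@"; fi
```

Run it against rui.crt and rui.key before uploading; any non-zero exit code means the pair should not be pushed to the host.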

Install New Certificates

a) Copy the private and public key files for the new certificates to c:\SSLcert on the vCenter server.

a. Public Key = rui.crt
b. Private Key = rui.key

b) Open the vSphere CLI command prompt and enter the following commands.

vifs.pl --server <hostx> --put c:\SSLcert\rui.key /host/ssl_key
vifs.pl --server <hostx> --put c:\SSLcert\rui.crt /host/ssl_cert

c) Reboot the ESXi host
d) Repeat the above steps for each ESXi host in the cluster.
