Install/Renew SSL cert on ESXi

To extract the private key and the certificate (public key) from the .pfx file, use openssl with the following commands:

Step 1. openssl pkcs12 -in xxxx.pfx -out rui.crt -nokeys -clcerts

Step 2. openssl pkcs12 -in xxxx.pfx -nocerts -out privatekey.pem

Step 3. openssl rsa -in privatekey.pem -out rui.key

Install vCenter CLI

Install using default configuration on the vCenter server.

NB: The source files are located on the media kit.

Disable Lockdown Mode

a) Select Host 1 from the vCenter console and click the “Configuration” tab.
b) In the “Software” menu on the configuration sheet select “Security Profile”.
c) Click “Edit” to change the Lockdown Mode.
d) Untick “Enable Lockdown Mode”.

Verify the private and public key match.

a) openssl x509 -noout -modulus -in rui.crt | openssl md5
b) openssl rsa -noout -modulus -in rui.key | openssl md5

The md5 hashes returned from each of the above commands should match.
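
The same check as a script, added here as an example and not part of the original post: it compares SHA-256 hashes of the public key instead of MD5 of the RSA modulus (so it also works for non-RSA keys), and additionally rejects a key that is still passphrase-protected or a certificate that has already expired. The function names are assumptions of this example.

```shell
#!/bin/sh
# Pre-upload check for the rui.crt / rui.key pair (added example).

# SHA-256 of the DER-encoded public key embedded in a certificate.
cert_pubkey_hash() {
    openssl x509 -in "$1" -noout -pubkey 2>/dev/null |
        openssl pkey -pubin -outform DER 2>/dev/null |
        openssl dgst -sha256 | awk '{print $NF}'
}

# SHA-256 of the DER-encoded public key derived from a private key.
key_pubkey_hash() {
    openssl pkey -in "$1" -pubout -outform DER -passin pass: 2>/dev/null |
        openssl dgst -sha256 | awk '{print $NF}'
}

# Returns 0 if the pair is usable, 1 on mismatch,
# 2 if the key is encrypted/unreadable, 3 if the certificate has expired.
check_pair() {
    crt=$1
    key=$2
    # An encrypted key cannot be loaded with an empty passphrase,
    # which means Step 3 (openssl rsa) has not been run on it yet.
    if ! openssl pkey -in "$key" -noout -passin pass: 2>/dev/null; then
        echo "FAIL: $key is encrypted or unreadable"
        return 2
    fi
    c=$(cert_pubkey_hash "$crt")
    k=$(key_pubkey_hash "$key")
    if [ -z "$c" ] || [ "$c" != "$k" ]; then
        echo "FAIL: $crt and $key do not belong together"
        return 1
    fi
    # -checkend 0 exits non-zero when the certificate is already expired.
    if ! openssl x509 -in "$crt" -noout -checkend 0 >/dev/null 2>&1; then
        echo "FAIL: $crt has expired"
        return 3
    fi
    echo "OK: $crt matches $key (public key sha256 $c)"
    return 0
}

# Usage: sh check_pair.sh rui.crt rui.key
if [ "$#" -eq 2 ]; then
    check_pair "$1" "$2"
fi
```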

Install New Certificates

a) Copy the private and public key files for the new certificates to c:\SSLcert on the vCenter server.

a. Public Key = rui.crt
b. Private Key = rui.key

b) Open the vSphere CLI command prompt and enter the following commands:

vifs.pl --server <hostx> --put c:\SSLcert\rui.key /host/ssl_key
vifs.pl --server <hostx> --put c:\SSLcert\rui.crt /host/ssl_cert

c) Reboot the ESXi host.
d) Repeat the above steps for each ESXi host in the cluster.
