Replace Self-Signed Certificate on ESXi 6.7 Host

To replace the default certificate, you first need to generate a certificate and matching private key. I did this against my Organisations CA. See here for more information on how to do that.

First log into the ESXi host via SSH:

[[email protected] ~]$ ssh [email protected] -p22

Change to the /etc/vmware/ssl directory:

[[email protected]:~] cd /etc/vmware/ssl
[[email protected]:/etc/vmware/ssl]

Rename the current certificate and private key to something else:

[[email protected]:/etc/vmware/ssl] mv rui.crt orig.rui.crt
[[email protected]:/etc/vmware/ssl] mv rui.key orig.rui.key

Now create a new file called rui.crt and copy the certificate contents to it.

[[email protected]:/etc/vmware/ssl] vi rui.crt

Now do the same for rui.key:

[[email protected]:/etc/vmware/ssl] vi rui.key

Now you should hopefully just need to reboot.

[[email protected]:/etc/vmware/ssl] reboot

If this does not work for some reason, just copy the old certificates back in place and reboot again.

Be the first to comment

Leave a Reply