Replace Self-Signed Certificate on ESXi 6.7 Host

To replace the default certificate, you first need to generate a certificate and matching private key. I did this against my organisation's CA. See here for more information on how to do that.

First, log in to the ESXi host via SSH:

[andy@home-pc ~]$ ssh [email protected] -p22

Change to the /etc/vmware/ssl directory:

[root@esxi01:~] cd /etc/vmware/ssl
[root@esxi01:/etc/vmware/ssl]

Rename the current certificate and private key to something else:

[root@esxi01:/etc/vmware/ssl] mv rui.crt orig.rui.crt
[root@esxi01:/etc/vmware/ssl] mv rui.key orig.rui.key

Now create a new file called rui.crt and copy the certificate contents to it.

[root@esxi01:/etc/vmware/ssl] vi rui.crt

Now do the same for rui.key:

[root@esxi01:/etc/vmware/ssl] vi rui.key

Now you should hopefully just need to reboot.

[root@esxi01:/etc/vmware/ssl] reboot

If this does not work for some reason, just put the original files (orig.rui.crt and orig.rui.key) back in place as rui.crt and rui.key and reboot again.
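A pasted certificate that does not match the pasted key, or a key that is passphrase-protected, only shows up as a problem after the reboot, so it is worth checking the pair before that step. The script below is an added example, not part of the original post; the function name and the script and staging file names are hypothetical, and it assumes the openssl binary is available in the shell where it runs.

```shell
#!/bin/sh
# Added example: pre-flight check for a replacement ESXi certificate pair.
# Function name and staging file names are hypothetical.

# check_cert_pair CERT KEY
# Returns 0 only if CERT parses as X.509, KEY parses as an unencrypted
# private key, both carry the same public key, and CERT has not expired.
check_cert_pair() (
    crt=$1
    key=$2

    [ -r "$crt" ] || { echo "cannot read certificate: $crt" >&2; exit 2; }
    [ -r "$key" ] || { echo "cannot read private key: $key" >&2; exit 2; }

    # Public key embedded in the certificate (also proves the PEM parses).
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) ||
        { echo "not a valid PEM certificate: $crt" >&2; exit 3; }

    # Public key derived from the private key. The empty passphrase stops
    # openssl prompting; a passphrase-protected key fails here instead.
    key_pub=$(openssl pkey -in "$key" -pubout -passin pass: 2>/dev/null) ||
        { echo "not a usable unencrypted private key: $key" >&2; exit 3; }

    [ "$crt_pub" = "$key_pub" ] ||
        { echo "certificate and private key do not match" >&2; exit 4; }

    # -checkend 0 fails if the certificate is already past notAfter.
    openssl x509 -in "$crt" -noout -checkend 0 >/dev/null ||
        { echo "certificate has expired" >&2; exit 5; }

    # Show what is about to be installed so it can be checked by eye.
    openssl x509 -in "$crt" -noout -subject -issuer -enddate
)

# Run as: sh check_pair.sh rui.crt rui.key
if [ "$#" -eq 2 ]; then
    check_cert_pair "$1" "$2"
fi
```

A non-zero exit status means the pair should not be rebooted into; the message on stderr says which check failed.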
