Another post in the category: I keep reinventing the wheel (or: I keep forgetting how I did stuff in the past). Here's how to renew your ESXi SSL certificate.
I use XCA, an excellent tool to manage certificates. For use with ESXi this is extra simple: it can import a CSR and generate a certificate for it. Here are the steps:
- Open the ESXi web UI
- In the navigator (left pane) click Manage, then click the Security & Users tab -> Certificates -> Import new certificate (yes, I know, this doesn't sound very intuitive).
- In the new window click Generate FQDN signing request and click Copy to clipboard. Save this as a plain-text file (use notepad or any other text editor).
- Next, open XCA, go to the Certificate Signing Requests tab, click Import and select the file you just saved.
- Next, right-click the CSR and click Sign. Change options to your liking. In my case that is:
  - Select the intermediate CA certificate for signing
  - Select the domain template and click "Apply all"
- Click OK and head over to the Certificates tab. The newly created certificate should be shown in the list. Export it as PEM.
- Open the file with a text editor (like notepad). Copy the entire contents.
- Back to the ESXi UI, paste the contents of the PEM file in the "Import certificate" window and click OK.
The new certificate is now installed. ESXi will show a message that you should refresh your browser, so do that. You may have to refresh a few times, or better, disable cache temporarily, then refresh. Eventually the new SSL cert should be used. No need to 'restart the host'.
Tested on ESXi 7.0u3
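
Before pasting the PEM into the "Import certificate" window, it can be checked against the CSR that ESXi generated. This is an added example, not part of the original procedure; it assumes the `openssl` command-line tool is available, and the file names and host name are placeholders.

```shell
#!/bin/sh
# Added example: pre-import checks on the PEM exported from XCA.
# check_cert CSR CERT FQDN [CA_CHAIN]
#   CSR       the signing request copied from the ESXi UI
#   CERT      the PEM exported from XCA
#   FQDN      the name used to reach the host
#   CA_CHAIN  optional PEM bundle with the root and intermediate CA certs
# Returns 0 if every check passes, otherwise 1-4 for the check that failed.
check_cert() {
    csr=$1 cert=$2 fqdn=$3 chain=${4:-}

    # 1. The certificate must carry the public key from the CSR.
    want=$(openssl req -in "$csr" -noout -pubkey 2>/dev/null)
    have=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    [ -n "$want" ] && [ "$want" = "$have" ] ||
        { echo "FAIL: certificate key does not match the CSR" >&2; return 1; }

    # 2. The host name must be covered by the certificate (SAN, else CN).
    openssl x509 -in "$cert" -noout -checkhost "$fqdn" | grep -q 'does match' ||
        { echo "FAIL: certificate does not cover $fqdn" >&2; return 2; }

    # 3. The certificate must not already be expired.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null ||
        { echo "FAIL: certificate has expired" >&2; return 3; }

    # 4. Optional: the certificate must chain to the CA bundle you trust.
    if [ -n "$chain" ] &&
       ! openssl verify -CAfile "$chain" "$cert" >/dev/null 2>&1; then
        echo "FAIL: certificate does not chain to $chain" >&2; return 4
    fi

    echo "OK: $cert matches $csr and covers $fqdn"
}

# Usage (placeholder names):
#   check_cert esxi.csr esxi.pem esxi01.example.test ca-chain.pem
```
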