Thursday, August 1, 2024

Automatically Updating ESXi Certificates

This is mostly a note to myself.

Venafi TPP can copy certificate files via SSH by using SCP. 

Looks like ESXi supports this:

  • I've always WinSCP'd into the host, then gone to /etc/vmware/ssl/, renamed and transferred the certificate as 'rui.crt' and renamed and transferred the private key as 'rui.key', then gone to the ESXi console, gone to Troubleshoot, and restarted the management agents. Your ESXi host should now be using the new certificates.
  • https://www.reddit.com/r/vmware/comments/yenv8d/replace_esxi_host_ssl_with_internal_ca_with/ 
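The quoted steps, scripted, as an added example (this is not code from the post, from VMware or from Venafi). It assumes SSH is enabled on the host with key-based root login, that the host name, local file names and backup suffix are placeholders, and that `/sbin/services.sh restart` on the ESXi shell is the equivalent of the DCUI "Restart Management Agents" action. Before anything is copied it checks that the certificate and private key actually belong together, backs up the existing rui.crt/rui.key, and afterwards compares the certificate the host serves on 443 with the one that was sent.

```shell
#!/bin/sh
# Added example (not from the post, VMware or Venafi): push a new
# certificate/key pair to an ESXi host over SSH/SCP and restart the
# management agents, i.e. the manual steps quoted above, scripted.
# Assumptions: SSH is enabled, root can log in with a key, the host
# name / file names / backup suffix are placeholders, and
# `/sbin/services.sh restart` equals DCUI "Restart Management Agents".
set -eu

ESXI_SSL_DIR=/etc/vmware/ssl        # directory named in the post

# Remote file names ESXi reads its certificate and key from (from the post).
remote_cert_path() { printf '%s/rui.crt' "$ESXI_SSL_DIR"; }
remote_key_path()  { printf '%s/rui.key' "$ESXI_SSL_DIR"; }

# Pre-flight: refuse to upload a certificate whose public key does not
# belong to the private key, which would leave hostd unable to serve TLS.
cert_key_match() {                  # $1 = cert PEM, $2 = key PEM
  c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$c" ] && [ "$c" = "$k" ]
}

# The remote steps are built as strings first so they can be reviewed
# (or logged for change control) before anything touches the host.
build_backup_cmd() {                # $1 = host, $2 = backup suffix
  printf "ssh root@%s 'cp %s %s.%s && cp %s %s.%s'" \
    "$1" "$(remote_cert_path)" "$(remote_cert_path)" "$2" \
         "$(remote_key_path)"  "$(remote_key_path)"  "$2"
}
build_scp_cmd() {                   # $1 = local cert, $2 = local key, $3 = host
  printf 'scp %s root@%s:%s && scp %s root@%s:%s' \
    "$1" "$3" "$(remote_cert_path)" "$2" "$3" "$(remote_key_path)"
}
build_apply_cmd() {                 # $1 = host
  # keep the private key owner-only, then restart the management agents
  printf "ssh root@%s 'chmod 600 %s && /sbin/services.sh restart'" \
    "$1" "$(remote_key_path)"
}

# Post-check: compare what the host now serves on 443 with what was sent.
cert_fingerprint() { openssl x509 -in "$1" -noout -fingerprint -sha256; }
served_fingerprint() {              # $1 = host
  openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null |
    openssl x509 -noout -fingerprint -sha256
}

main() {                 # usage: sh push_esxi_cert.sh new.crt new.key esx01.example.com
  cert=$1; key=$2; host=$3
  if ! cert_key_match "$cert" "$key"; then
    echo "refusing: $cert and $key do not match" >&2; return 1
  fi
  sh -c "$(build_backup_cmd "$host" "bak-$(date +%Y%m%d%H%M%S)")"
  sh -c "$(build_scp_cmd "$cert" "$key" "$host")"
  sh -c "$(build_apply_cmd "$host")"
  sleep 30                          # give hostd a moment to come back
  if [ "$(served_fingerprint "$host")" != "$(cert_fingerprint "$cert")" ]; then
    echo "$host is not serving $cert; backups are in $ESXI_SSL_DIR" >&2; return 1
  fi
  echo "$host now serves $cert"
}

# Only run when invoked with the three arguments, so the functions can be
# sourced or reviewed without touching a host.
if [ $# -eq 3 ]; then main "$@"; fi
```

If Venafi TPP does the SCP step itself, only the apply command (key permissions plus the agent restart) and the post-check remain to be wired up as the post-provisioning action; the pre-flight match check is still worth keeping wherever the files are assembled.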

Other:

  • https://knowledge.broadcom.com/external/article?legacyId=56441 
  • https://www.filecloud.com/blog/2022/06/installing-an-ssl-certificate-on-an-esxi-server/
  • https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.security.doc/GUID-B70177EE-9C62-4BB9-BD3C-4848C128E63A.html
  • https://www.starwindsoftware.com/blog/how-to-replace-your-default-esxi-ssl-certificate-with-a-self-signed-certificate/
  • https://docs.vmware.com/en/VMware-Cloud-Foundation/4.5/vcf-admin/GUID-91824B56-91F3-44FE-B67B-180A50B94717.html#GUID-91824B56-91F3-44FE-B67B-180A50B94717

8 comments:

  1. Great post! I’ve been using WinSCP to replace ESXi certificates for years. Curious—do you think Venafi TPP could fully automate this process, or is manual intervention always required?
  2. Nice! I usually struggle with managing SSL certificates on ESXi hosts. This looks like a cleaner process. Have you tried automating the agent restart as well?
  3. Solid tip! Managing SSL certificates manually can be tedious. I'll check out Venafi TPP now. Do you recommend any particular tool for monitoring certificate expiry on ESXi?
  4. I always forget the /etc/vmware/ssl/ path! This note will come in handy. A script to automate SCP transfers and restarts would be awesome—any plans to create one?
  5. I followed the steps in the VMware docs you linked, but I hit issues with permissions. Did you encounter anything similar while using WinSCP for updates?
  6. It’s great to see someone break down certificate updates for ESXi. This seems much simpler than the other tutorials I’ve come across. Thanks for sharing!
  7. Out of curiosity, what internal CA are you using? I’ve been looking into alternatives like Let’s Encrypt but wasn’t sure how well it integrates with ESXi.
  8. Good read! I’ve seen a few admins overlook SSL certificates in their ESXi hosts. This post highlights why it’s crucial. Do you update certificates on a fixed schedule?