ESXi

 View Only
  • 1.  ESXI certificate

    Posted May 16, 2022 06:01 AM

    I have all esxi on vcenter show "ESXi Host Certificate Status", I checked will expire in 2 weeks, I found KB for this issue

    https://docs.vmware.com/en/VMware-vSphere/6.0/com.vmware.vsphere.security.doc/GUID-ECFD1A29-0534-4118-B762-967A113D5CAA.html

    So I just need to confirm on each esxi on vcenter i need to go to esxi---configure---certificate then do renew then do refresh, or renew option enough? 

    Do i need to change any thing before that or above steps enough?



  • 2.  RE: ESXI certificate

    Posted May 16, 2022 09:22 AM

    VMware use standard X.509 version 3 certificates to encrypt session information sent over Secure Socket Layer protocol connections between the client and the server. If you want to replace default certificates for vCenter Server and ESXi , the certificates you obtain for your servers must be signed and must conform to the Privacy Enhanced Mail (PEM) key format. The key used to sign certificates must be a standard RSA key with an encryption length that ranges from 512 to 4,096 bits. The recommended length is 2,048 bits.

    DMVNow



  • 3.  RE: ESXI certificate

    Posted May 16, 2022 11:38 AM

    Hi

    I shared KB to renew the certificate, could you please check if I can do that, I see you explain more details,  I do not want to replace certificate, my current certificate will expire in 2 weeks, so can i use steps on KB to refresh? my certificate mode is VCMA



  • 4.  RE: ESXI certificate

    Posted May 16, 2022 12:00 PM

    Correct - just do the renew part (unless your VCSA certs (MACHINE_SSL_CERT and Trusted_Root) are expiring as well, not just the ESXi hosts)



  • 5.  RE: ESXI certificate

    Posted May 17, 2022 03:46 AM

    Thanks for sharing.



  • 6.  RE: ESXI certificate

    Posted May 17, 2022 06:19 AM

    Thanks for your input;

    Could you please help me how I can check/verify (MACHINE_SSL_CERT and Trusted_Root) expiration date ?