ESXi

 View Only
  • 1.  Failed - Cannot change the host configuration.

    Posted Apr 09, 2018 11:10 PM

    Hi all

    Just a question regarding uploading a new SSL to ESXi host 6.5

    Putting host into maintenance mode and going to manage, certificates, install SSL and pasting my SSL cert,

    Failed - Cannot change the host configuration is received. Any ideas how to resolve? Regards.



  • 2.  RE: Failed - Cannot change the host configuration.

    Posted Apr 10, 2018 07:45 PM

    Check the VMware Knowledge Base article.

    This thread also might be useful Cannot chage the Host Configuration



  • 3.  RE: Failed - Cannot change the host configuration.



  • 4.  RE: Failed - Cannot change the host configuration.

    Posted Apr 08, 2020 02:28 PM

    1. Have your sysadmin generate .pfx and .cer files for the machine you need to update.

    2. Download openssl win 64-bit https://www.cloudinsidr.com/content/how-to-install-the-most-recent-version-of-openssl-on-windows-10-in-64-bit/

    3. Right click and run openssl as admin in C:\Program Files\OpenSSL-Win64\bin 

    4. Get the key file by running the command: pkcs12 -in [yourfile.pfx] -nocerts -out [keyfile-encrypted.key]

    5. Convert the key file to pem format by running the command: rsa -in [keyfile-encrypted.key] -outform PEM -out [keyfile-encrypted-pem.key]

    6. Get the certificate out of the pfx by running the command: pkcs12 -in [yourfile.pfx] -clcerts -nokeys -out [certificate.crt]"

    7. Add the newly created pem.key and .crt file in C:\Program Files\OpenSSL-Win64\bin, to the server you need to update via gui or winscp.

    8. Go to the CMS SERVER

    9. Put it into maintenance mode in the host area under actions

    10. power off off all VM's

    11. Enable SSL in the services tab

    12. Exit lockdown mode in services

    13. Use winscp and copy the pfx and crt files to the cd /etc/vmware/ssl directory

    14. rename the old rui.crt and rui.key files so you have a copy

    15. rename the crt and pfx files you uploaded to rui.crt and rui.key

    16. reboot



  • 5.  RE: Failed - Cannot change the host configuration.

    Posted Nov 08, 2021 02:33 AM

    Thanks .  This worked like a charm for me.



  • 6.  RE: Failed - Cannot change the host configuration.

    Posted Jul 28, 2022 12:59 PM

    Just wanted to add my experience, 's answer worked for me! Except, we have a paid wildcard certificate and all I had to do was replace the rui.crt and the rui.key files (backed them up of course) with the PEM format of my certificate and key files. Wasn't sure if it would work since mine was an RSA Private Key and the server's default just specified as a regular private key. But I rebooted my server, added the proper DNS scopes, and boom, VMware web GUI is SSL'd!