Automation

  • 1.  Reconnect Host after non self signed certificate replaced

    Posted Mar 21, 2017 05:56 PM

    Hi

    We have changed the default self-signed certs for internally generated ones. So we have gone from 10-year valid certs down to 2 years, hence having to manage certificate replacement...

    So once the host is in Maint mode, I can automate the new cert generation, the copy to the host and the restart of the host...

    Once restarted, the host stays disconnected as the SSL certificate is not verified, by design.

    So I can automate a reconnect passing credentials, but simply get an error to that stating "Authenticity of the hosts SSL certificate is not verified".

    Has anyone managed to automate accepting that as part of a PowerCLI reconnect script?

    Thanks



  • 2.  RE: Reconnect Host after non self signed certificate replaced

    Posted Mar 21, 2017 06:20 PM

    Has the internal CA that generated that certificate been added to the Trusted Publishers on the VCSA?
    Does it work when you do the same action via the Web Client?

    Update: see also KB2111219



  • 3.  RE: Reconnect Host after non self signed certificate replaced

    Posted Apr 25, 2017 07:57 AM

    Probably should have mentioned the following too...

    This is ESXi 5.5 for the moment, so no VCSA.

    If I do it manually in the C# client or the Web Client I get the same error, but you can click OK and then add credentials, and then the host comes back connected.

    Ideally I want to automate the acceptance of the fact that the cert has changed, so I can then automate the reconnect of the host passing the credentials.

    Basically I am trying to hand over the task of cert renewal without having to hand over the credentials.
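
One way to script the reconnect discussed in this thread, as an added example that is not from any of the posters: instead of accepting whatever certificate the host presents, it pins the reconnect to the SHA-1 thumbprint of the certificate file that was just generated, using the vSphere API's `HostConnectSpec.SslThumbprint`. The function names, parameters and the sample values in the final comment are assumptions; it expects an existing `Connect-VIServer` session and a PowerCLI build whose `ReconnectHost_Task` takes two arguments.

```powershell
# Added example (not from the thread); function names and parameters are hypothetical.

function ConvertTo-VimThumbprint {
    param([Parameter(Mandatory)][string]$CertificatePath)
    # Load the certificate that was just issued for the host.
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $CertificatePath
    # .Thumbprint is the SHA-1 hash as bare hex; the vSphere API expects colon-separated byte pairs.
    $cert.Thumbprint -replace '(..)(?!$)', '$1:'
}

function Reconnect-VMHostPinned {
    param(
        [Parameter(Mandatory)][string]$VMHostName,
        [Parameter(Mandatory)][string]$CertificatePath,
        [Parameter(Mandatory)][pscredential]$HostCredential
    )
    $vmHost = Get-VMHost -Name $VMHostName

    $spec = New-Object VMware.Vim.HostConnectSpec
    $spec.HostName      = $VMHostName
    $spec.UserName      = $HostCredential.UserName
    $spec.Password      = $HostCredential.GetNetworkCredential().Password
    # Only the certificate we generated is accepted; any other certificate
    # presented by the host still has to pass normal CA verification.
    $spec.SslThumbprint = ConvertTo-VimThumbprint -CertificatePath $CertificatePath
    $spec.Force         = $false

    # Second argument is the optional HostSystemReconnectSpec.
    $taskRef  = $vmHost.ExtensionData.ReconnectHost_Task($spec, $null)
    $taskView = Get-View -Id $taskRef

    # Poll until vCenter reports the task as finished.
    while ($taskView.Info.State -in 'queued', 'running') {
        Start-Sleep -Seconds 2
        $taskView.UpdateViewData('Info')
    }
    if ($taskView.Info.State -ne 'success') {
        throw "Reconnect of $VMHostName failed: $($taskView.Info.Error.LocalizedMessage)"
    }
    Get-VMHost -Name $VMHostName
}

# Constructed usage (host name and path are placeholders):
# Reconnect-VMHostPinned -VMHostName 'esx01.example.internal' `
#     -CertificatePath 'C:\certs\esx01\rui.crt' -HostCredential (Get-Credential)
```

The host credential is still required by the API call; what changes is that the certificate is checked against a known value rather than clicked through.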