  • 1.  Reset / Revert the SSL certificate back to the default one

    Posted Mar 09, 2021 04:48 PM

    Hello,

    Almost 3 weeks ago we installed custom certificates on all our ESXi hosts (6.7). But now we see some issues with the VMs and suspect it is because of SSL. The requirement here is to revert back to the default SSL cert for a couple of ESXi hosts (50+).

    I have the ESXi host names saved in a Notepad file located at: D:\ESX\name.txt

    Is there any easy way we can connect (SSH) to all the ESXi hosts in the Notepad file and choose option 8 to reset all certificates?

    I am a novice in scripting.

     




  • 2.  RE: Reset / Revert the SSL certificate back to the default one

    Posted Mar 09, 2021 04:57 PM

    You can use the Posh-SSH module to connect to each ESXi node.
    In a Foreach loop read the .txt file (Get-Content), and for each ESXi node connect via SSH. See for example "Use Posh-SSH instead of PuTTY".

    Optionally you can make a backup of the current certificate.

    Then run the /sbin/generate-certificates command on the ESXi node.



  • 3.  RE: Reset / Revert the SSL certificate back to the default one

    Posted Mar 09, 2021 05:04 PM

    Something like this for example.
    It assumes all ESXi nodes use the same root password.

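    # Credentials (assumes all ESXi nodes use the same root password)
    $user = 'root'
    $pswd = 'VMware1!'
    $cred = New-Object -TypeName PSCredential -ArgumentList $user,(ConvertTo-SecureString -String $pswd -AsPlainText -Force)

    # Command that regenerates the default self-signed certificate on the host
    $cmdSub = '/sbin/generate-certificates'

    # Open one SSH session per host name listed in the text file
    Get-Content -Path .\esxnames.txt -PipelineVariable row |
    ForEach-Object -Process {
        # -AcceptKey accepts the host's SSH key without prompting
        $session = New-SSHSession -ComputerName $row -Credential $cred -AcceptKey
        $result = Invoke-SSHCommand -SSHSession $session -Command $cmdSub
        Remove-SSHSession -SSHSession $session | Out-Null
    }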
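
A variant of the loop from this thread, as an added example that is not part of the original posts: it prompts for the root credential instead of embedding it, backs up the current certificate and key as suggested in reply 2, and records each host's exit status. The `/etc/vmware/ssl` location of `rui.crt`/`rui.key` and the backup file names are assumptions not stated in the thread.

```powershell
# Added example, not code from the thread. Assumes Posh-SSH is installed
# and SSH is enabled on every host in the list.
Import-Module Posh-SSH

# Prompt for the shared root credential rather than storing it in the script.
$cred = Get-Credential -UserName 'root' -Message 'ESXi root credential'

# Host list path as given in the question.
$hostFile = 'D:\ESX\name.txt'

# Assumption: certificate and key live in /etc/vmware/ssl as rui.crt / rui.key.
# The timestamped backup suffix is a constructed naming choice.
$sslDir = '/etc/vmware/ssl'
$stamp  = Get-Date -Format 'yyyyMMddHHmmss'
$cmd = @(
    "cp ${sslDir}/rui.crt ${sslDir}/rui.crt.${stamp}.bak"
    "cp ${sslDir}/rui.key ${sslDir}/rui.key.${stamp}.bak"
    '/sbin/generate-certificates'
) -join ' && '   # stop at the first failing step so nothing is regenerated without a backup

$report = foreach ($esx in (Get-Content -Path $hostFile | Where-Object { $_.Trim() })) {
    $name = $esx.Trim()
    $session = $null
    try {
        # -AcceptKey trusts the SSH host key presented on first contact.
        $session = New-SSHSession -ComputerName $name -Credential $cred -AcceptKey -ErrorAction Stop
        $result  = Invoke-SSHCommand -SSHSession $session -Command $cmd
        [pscustomobject]@{
            Host       = $name
            ExitStatus = $result.ExitStatus
            Output     = ($result.Output -join "`n")
        }
    }
    catch {
        # Connection or authentication failure: record it and continue with the next host.
        [pscustomobject]@{ Host = $name; ExitStatus = -1; Output = $_.Exception.Message }
    }
    finally {
        if ($session) { Remove-SSHSession -SSHSession $session | Out-Null }
    }
}

# Show only the hosts where the backup or the regeneration did not succeed.
$report | Where-Object { $_.ExitStatus -ne 0 } | Format-Table -AutoSize
```

The regenerated certificate is not served until the host's management agents are restarted or the host is rebooted, so plan that step separately for each host.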