Replacing the ESXi Host Default Certificate with a CA-Signed Certificate
When you install ESXi, a default certificate for the host is generated. This is a ‘self-signed’ certificate and as such will not be trusted by default in it’s communications with other systems. Because of this, in many environments, it is preferred that the default certificate is replaced with a trusted certificate from a CA (certificate authority). This could be a well-known external certificate authority or a trusted internal CA.
The process for replacing the default certificate on an ESXi host, documented here by VMware, is as follows:
Log into the ESXi host as a user with root privileges
Rename the existing certificates located in /etc/vmware/ssl
mv rui.crt orig.rui.crt mv rui.key orig.rui.key
Copy the new certificate and key to /etc/vmware/ssl
Rename the two new files to rui.crt and rui.key using the ‘mv’ command
Restart the host, or the hosts management agents
There are a couple of things to bear in mind with this:
ESXi supports only X.509 certificates to encrypt session information sent over SSL
If the Verify Certificates option is set then the host is likely to drop out of vCenter if the new cert is not verifiable by vCenter. In this case the host will have to be reconnected to vCenter.
Useful Links and Resources
http://www.vmware.com/files/pdf/techpaper/vsp_51_vcserver_esxi_certificates.pdf
https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2015499
本文转自学海无涯博客51CTO博客,原文链接http://blog.51cto.com/549687/1829992如需转载请自行联系原作者
520feng2007
Replacing the ESXi Host Default Certificate with a CA-Signed Certificate相关推荐
- 使用ES Rally出错:certificate verify failed: self signed certificate in certificate chain
本文为日志文... 使用ES对使用SSL加密的集群进行压测的时候,我们通常会使用--client-options选项,通过提供use_ssl:true,verify_certs:false的方式来避免 ...
- How to check firmware and drivers of a VMware ESXi host
方法一: http://www.nycnetworkers.com/vmware/check-firmware-drivers-vmware-esxi-host/ Something that cam ...
- Postman 报错SSL Error: Self signed certificate Disable SSL Verification
Postman使用的时候报错:SSL Error: Self signed certificate Disable SSL Verification 解决方案 选择setting菜单: 默认的SSL ...
- atom 插件下载错误:【Fetching featured packages failed.self signed certificate in certificate chain】
https://stackoverflow.com/questions/53740140/self-signed-certificate-in-certificate-chain-atom 使用ato ...
- Git ----fatal: unable to access xxx: SSL certificate problem: self signed certificate in certificate
fatal: unable to access 'http://gitee.com/yhhyu2015/CommonUtils.git/': SSL certificate problem: self ...
- 解决:Unable to clone Git repository due to self signed certificate(由于自签名证书,无法克隆Git存储库)的问题
Unable to clone Git repository due to self signed certificate 今天准备将自己做的项目上传到github上,在克隆repository到 本 ...
- 微信小程序新建/导入项目报错:self signed certificate in certificat 和 getaddrinfo ENOTFOUND servic的原因及解决办法
文章目录 前言: 报错如下: 一.开发环境: 1.开发者工具版本号: 2.系统版本 二.这俩个问题的原因: 三.解决办法: 前言: 笔者今天用新电脑安装了微信开发者工具导入我放在码云上面的小程序代码, ...
- Git拉取项目时报错: self signed certificate
Git拉取项目时报错: self signed certificate 解决方法 git拉取代码或者项目报错self signed certificate 解决方法 运行Git Bash,执行配置命令 ...
- git clone报错——SSL certificate problem: self signed certificate in certificate chain
问题描述 使用Git工具进行git clone项目时,弹出框提示信息为"fatal: unable to access 'https://-git/': SSL certificate pr ...
最新文章
- android 画布旋转,Android-在安卓开发中,如何实现一个简单的图片旋转
- WIN10 中mysql8 忘记密码
- /proc/kcore失效,调试其文件系统相关模块,使重新正常工作
- c++ 隐藏进程_Linux 查看进程的动态信息
- 老板怒了,“我们赚钱你们花钱,还总出毛病!”
- shiro利用mysql动态授权_SpringBoot+Shiro学习之数据库动态权限管理和Redis缓存
- 超绝万圣节主题设计海报背景,搞节日气氛靠它没问题!
- 20行 Python 代码爬取王者荣耀全英雄皮肤 | 原力计划
- 嵌入式环境搭建之NFS
- 计算机报警声 一高一低,有报警声电脑问题怎么处理 有报警声电脑问题处理方法【介绍】...
- [OrCad电路板设计系统].Orcad.Pspice.9.2下载安装
- linux系统制作macos启动,如何手动制作macOS High Sierra可启动安装U盘
- 长虹 Watch FLY 智能手表 评测
- Python学的好,工作不愁找
- openlayers3(五)根据坐标点画圆、线、多边形
- windows启动管理器_如何在Windows 10中打开任务管理器,方法众多,值得收藏
- 中国人发明的代码,你知道是什么样的吗?
- 实在智能RPA学院|切切切词!算法TopWORDS的原理及实现
- python爬取京东手机参数_python爬取京东手机价格
- 有手就行的 Spring Boot 集成 Shiro