Updating the certificate on the ESXi host from VMware
About this task
Use the procedure to update the ESXi host certificate.
For information about updating vCenter certificates, see the VMware
documentation.
Before you begin
Start an SSH session on the ESXi host.
Procedure
Start vSphere Web Client, and log in to the ESXi host as
admin or root user.
Ensure that the domain name and the hostname of the ESXi
host is set correctly and matches the FQDN that is present on the
DNS servers, correct the entries to match if required.
For security reason, the common name in the certificate must match
the hostname to which you connect.
To generate new certificates, type /sbin/generate-certificates.
The system generates and installs the certificate.
Restart the ESXi host.
(Optional) Do the following:
Move the ESXi host to the maintenance mode.
Install the new certificate.
From the Direct Console User Interface (DCUI), restart
management agents.
Note
The host certificate must now match the fully qualified domain
name of the host.
VMware places only FQDN in certificates that are generated on the
host. Therefore, use a fully qualified domain name to connect to ESXi
hosts and vCenter from Solution Deployment
Manager.
Appliance Virtualization
Platform places an IP address and FQDN in generated certificates.
Therefore, from Solution Deployment
Manager, you can connect to Appliance Virtualization
Platform hosts through IP address or FQDN.
The connection from Solution Deployment
Manager 7.1 to a vCenter or ESXi host by using an IP address
fails because the IP address is absent in the certificate and the
connection is not sufficiently secure.