Updating the certificate on the ESXi host from VMware

About this task

Use this procedure to update the ESXi host certificate.

For information about updating vCenter certificates, see the VMware documentation.

Before you begin

Start an SSH session on the ESXi host.

Procedure

  1. Start vSphere Web Client, and log in to the ESXi host as an admin or root user.
  2. Ensure that the domain name and the hostname of the ESXi host are set correctly and match the FQDN that is present on the DNS servers. Correct the entries to match if required.

    For security reasons, the common name in the certificate must match the hostname to which you connect.

  3. To generate new certificates, type /sbin/generate-certificates.

    The system generates and installs the certificate.

  4. Restart the ESXi host.
  5. (Optional) Do the following:
    1. Move the ESXi host to maintenance mode.
    2. Install the new certificate.
    3. From the Direct Console User Interface (DCUI), restart management agents.
      Note

      The host certificate must now match the fully qualified domain name of the host.

      VMware places only FQDN in certificates that are generated on the host. Therefore, use a fully qualified domain name to connect to ESXi hosts and vCenter from Solution Deployment Manager.

      Appliance Virtualization Platform places an IP address and FQDN in generated certificates. Therefore, from Solution Deployment Manager, you can connect to Appliance Virtualization Platform hosts through IP address or FQDN.

      The connection from Solution Deployment Manager 7.1 to a vCenter or ESXi host by using an IP address fails because the IP address is absent in the certificate and the connection is not sufficiently secure.
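
One way to confirm, after the certificate is regenerated or installed, that it carries every name you intend to connect with (FQDN, and IP address where expected). This is an added example, not part of the original procedure or of VMware's tooling. The function names and the sample certificate text are constructed for illustration, and the certificate file path is an argument you supply.

```shell
#!/bin/sh
# Added example: list the names a certificate is valid for and test
# connection names against them, using `openssl x509 -noout -text` output.

# cert_names: read that text on stdin; print the subject CN and every
# DNS / IP Address SAN entry, one per line, lowercased.
cert_names() {
    awk '
        /^ *Subject:/ {                      # "CN=host" or "CN = host"
            if (match($0, /CN *= *[^,]+/)) {
                cn = substr($0, RSTART, RLENGTH)
                sub(/^CN *= */, "", cn); sub(/ *$/, "", cn)
                print tolower(cn)
            }
        }
        /Subject Alternative Name/ { san = 1; next }
        san {                                # the line after the SAN header
            n = split($0, parts, /, */)
            for (i = 1; i <= n; i++) {
                e = parts[i]; sub(/^ */, "", e)
                if (sub(/^DNS:/, "", e) || sub(/^IP Address:/, "", e))
                    print tolower(e)
            }
            san = 0
        }'
}

# name_matches NAME: succeed if NAME is among the names parsed from stdin.
# Exact match only; wildcard entries are not expanded.
name_matches() {
    want=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    cert_names | grep -qxF -- "$want"
}

# check_host_cert FILE NAME...: report each NAME against a PEM certificate.
check_host_cert() {
    crt=$1; shift
    text=$(openssl x509 -in "$crt" -noout -text) || return 2
    rc=0
    for n in "$@"; do
        if printf '%s\n' "$text" | name_matches "$n"
        then echo "OK       $n"
        else echo "MISSING  $n"; rc=1
        fi
    done
    return $rc
}

# Constructed samples of openssl text output (not taken from a real host).
SAMPLE_FQDN_ONLY='        Subject: O=Example, CN=esx01.example.com
            X509v3 Subject Alternative Name:
                DNS:esx01.example.com'
SAMPLE_FQDN_AND_IP='        Subject: O = Example, CN = avp01.example.com
            X509v3 Subject Alternative Name:
                DNS:avp01.example.com, IP Address:192.0.2.10'
```

Call `check_host_cert` with the host certificate file followed by each name you plan to use; a `MISSING` line for the IP address corresponds to the FQDN-only case described in the note.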