Today I had an interesting one. This was a new install of VMware vSphere ESXi 8.0, or at least one only a few days old, and lo and behold, it has an expired certificate!? This is a technical write-up of the steps I performed to fix it in my own lab.
When I logged into the host, I saw the following.
That isn’t good, let’s go fix it.
Step 1. Google.
I found this write-up by Jesus Vigo in Security:
How to regenerate certificates on VMware host servers
https://www.techrepublic.com/article/how-to-regenerate-certificates-on-vmware-host-servers/
“By default, VMware host servers, like ESXi hosts typically generate new certificates when the hypervisor is installed on bare-metal hardware. Through the process of configuring the host and allocating resources, it is common for the server configuration to undergo many settings changes as you harden your device.
Among the hardening steps your organization may employ, joining an Active Directory (AD) domain helps administrators to simplify management of underlying hypervisor used to host virtual machines (VM) by centralizing the management of user accounts and groups allowed to access to the server, as well as what changes they are authorized to make.
However, while the process to join the server to AD may be straightforward, it can and certainly will consistently fail if the SSL certificates used by the VMware host are expired, invalid, or otherwise corrupted. These all pose a difficulty in getting the server to authenticate domain accounts, which will leave users unable to maintain the server until it is resolved. But how can you fix this once it’s happened? Or worse yet, if you’ve never been able to join it to the domain in the first place?”
OK, let’s get to it!
First, let’s enable SSH. Go to Manage, Services.
Select TSM-SSH (Name: SSH) and click Start.
Next, let’s log in via SSH. I used PuTTY.
Let’s move to the directory that holds the SSL keys so we can back them up, per the above write-up.
cd /etc/vmware/ssl
Then run the following.
mv rui.crt rui.crt.bak
mv rui.key rui.key.bak
But I got the following error.
So we are going to move on.
Next, type /sbin/generate-certificates
Then /etc/init.d/hostd restart
Looks like that worked, let’s see!
Log back into the VMware Host via the web interface.
Ta da!
Make sure to disable SSH, or reboot to do so.
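To confirm from the SSH session that the regeneration really replaced the expired certificate, the shell functions below check the validity window with openssl x509 -checkend and compare SHA-256 fingerprints before and after. This is an added example, not part of the original write-up or the TechRepublic article. The function names and the 30-day threshold are assumptions, it assumes openssl is available in the shell, and the rui.crt path is the one used in the steps above.

```shell
#!/bin/sh
# Added example, not from the original write-up. Function names and the
# 30-day default are assumptions; the rui.crt path comes from the steps above.

# cert_state FILE [DAYS]: prints unreadable | expired | expiring | valid
cert_state() {
    crt="$1"; days="${2:-30}"
    if ! openssl x509 -in "$crt" -noout >/dev/null 2>&1; then
        echo unreadable        # missing file or not a PEM certificate
    elif ! openssl x509 -in "$crt" -noout -checkend 0 >/dev/null 2>&1; then
        echo expired           # notAfter is already in the past
    elif ! openssl x509 -in "$crt" -noout -checkend $((days * 86400)) >/dev/null 2>&1; then
        echo expiring          # valid now, but notAfter is within DAYS days
    else
        echo valid
    fi
}

# cert_fingerprint FILE: prints the SHA-256 fingerprint (empty if unreadable)
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# verify_regenerated OLD NEW: succeeds only if NEW is valid and differs from OLD
verify_regenerated() {
    state=$(cert_state "$2")
    if [ "$state" != valid ]; then
        echo "new certificate is $state"; return 1
    fi
    if [ "$(cert_fingerprint "$1")" = "$(cert_fingerprint "$2")" ]; then
        echo "certificate unchanged"; return 1
    fi
    echo ok
}

# Typical use on the host (copy first, so the original stays in place):
#   cp -p /etc/vmware/ssl/rui.crt /tmp/rui.crt.before
#   cert_state /tmp/rui.crt.before
#   /sbin/generate-certificates && /etc/init.d/hostd restart
#   verify_regenerated /tmp/rui.crt.before /etc/vmware/ssl/rui.crt
#   openssl x509 -in /etc/vmware/ssl/rui.crt -noout -subject -dates
```

Copying the old certificate with cp rather than renaming it keeps the original file in place while still giving a before/after comparison.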
Thanks for reading
Roger L