Tasks: replace CA signed SSL certificate on ESXi hosts
as you know, in part 1 and part 2, I cerated rui.key and rui.csr files and sent csr file to security team for the CA sign.
Today I received rui.crt file them and going to replace it with below stepts
before I'm going to replace, I verified the exiting SSL certificate expire date by web browser (https://ESXIhostname)
1) using winSCP or some other method, copy the rui.csr and rui.key files to esxi /temp folder
2) rename the existing SSL certifacte as orog.rui.crt and orig.rui.key
3) copy the new SSL cert from temp folder to /etc/vmware/SSL folders
4) in order to use new SSL, restart the management services by restart.sh restart or /etc/init.d/vpxa restart and /etc/init.d/hostd restart
5) once restarted, re-connect the host back to vcenter and verify the SSL certificate on web browser.
as you know, in part 1 and part 2, I cerated rui.key and rui.csr files and sent csr file to security team for the CA sign.
Today I received rui.crt file them and going to replace it with below stepts
before I'm going to replace, I verified the exiting SSL certificate expire date by web browser (https://ESXIhostname)
1) using winSCP or some other method, copy the rui.csr and rui.key files to esxi /temp folder
2) rename the existing SSL certifacte as orog.rui.crt and orig.rui.key
3) copy the new SSL cert from temp folder to /etc/vmware/SSL folders
4) in order to use new SSL, restart the management services by restart.sh restart or /etc/init.d/vpxa restart and /etc/init.d/hostd restart
5) once restarted, re-connect the host back to vcenter and verify the SSL certificate on web browser.
No comments:
Post a Comment