Menu

Virtual Geek

Tales from real IT system administrators world and non-production environment

Troubleshooting replacing a corrupted certificate on Esxi server

While deploying your own certificate on ESXi server you need to follow certain requirement to create it as shown here, if new generated certificate is not correct as per the standard and if they are replaced overwritten without proper backup, it can cause connection error on ESXi server and you will see error similar to This site can't be reached, refused to connect with ERR_CONNECTION_REFUSED.

vmware vsphere esxi this site can't be reached ERR_CONNECTION_REFUSED replace generate a self singed certificate esxi proxy repair corrupt certificate ca signed.png

Generate new self-signed certificates for ESXi using OpenSSL
Push SSL certificates to client computers using Group Policy
Replacing a default ESXi certificate with a CA-Signed certificate
Troubleshooting replacing a corrupted certificate on Esxi server
How to import default vCenter server appliance VMCA root certificate and refresh CA certificate on ESXi
How to replace default vCenter VMCA certificate with Microsoft CA signed certificate

To resolve it immediately open ssh session to ESXi server and run command /sbin/generate-certificates, which will restore and generate default self-signed certificate in location /etc/vmware/ssl. To take effect run command services.sh restart &tail -f  /var/log/jumpstart-stdout.log.

vmware vsphere esxi server sbin generate-certificates services.sh restart tail self-signed certificate openssl invalid certificate ca server powershell restart reboot force esxi.png

After checking once again on browser, everything should be good and esxi website will be working again.

verifying self-singned certifcate esxi replace default certificate vmware workstation vmware vsphere openssl generated key and crt sbin folder sh file vmware installer.png

Useful Article
VMWARE SECURITY BEST PRACTICES: POWERCLI ENABLE OR DISABLE ESXI SSH
vSphere ESXi security best practices: Time configuration - (NTP) Network Time Protocol
Configure syslog on VMware ESXi hosts: VMware best practices

Go Back

Comment

Blog Search

Page Views

2461954

Follow me on Blogarama