
How to Install SSL Certificate on VMware ESXi and vCenter

In the latest version of ESXi Server, the web interface is only available for managing existing virtual machines (VMs) or creating new ones. By default, ESXi ships with a self-signed SSL certificate that most browsers do not accept. In this tutorial, we use ESXi version 6.7 with a default URL of ESXi-srv.example.com and an expired SSL certificate, which we will replace with a new SSL certificate.

In this article, we want to learn how to install an SSL certificate on an ESXi server. So stay with us until the end of this article.

Log in to the ESXi web interface.

To install the new SSL certificate, we need to log into the ESXi web interface and enable SSH access. We can use the Mozilla web browser, which lets us log into the UI by accepting the risk associated with the expired SSL certificate.

If the browser shows a certificate warning, click Advanced and then Accept the Risk and Continue.

Start the SSH service.

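To start the SSH service, log in to the ESXi server as the root user, then click Manage -> Services -> Start TSM-SSH service. Stop the service again once the certificate has been installed, since SSH does not need to stay enabled on the host.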

certificates

Go to the /etc/vmware/ssl directory.

[root@vmxi:/etc/vmware/ssl] pwd
/etc/vmware/ssl

We need to update the rui.crt and rui.key files. Add the new SSL certificate and the chain certificate to the rui.crt file, in that order (your certificate first, then the chain certificate). Then add your SSL private key to the rui.key file.

Safety first

Make a backup of your existing certificate and key before making any changes.

cp /etc/vmware/ssl/rui.crt /etc/vmware/ssl/rui.crt_old
cp /etc/vmware/ssl/rui.key /etc/vmware/ssl/rui.key_old

Then replace the certificate and key using the vi editor:

cat /dev/null > /etc/vmware/ssl/rui.crt
vi /etc/vmware/ssl/rui.crt
cat /dev/null > /etc/vmware/ssl/rui.key
vi /etc/vmware/ssl/rui.key
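
Before restarting hostd, it is worth confirming that the edited files are usable. The script below is an added example, not part of the original tutorial: it checks that the first certificate in rui.crt matches rui.key and is not about to expire. The function name check_cert_pair, the exit codes and the demo pair are assumptions made for illustration, and it needs openssl on the machine where it runs.

```shell
#!/bin/sh
# Added example (not from the original article): pre-flight check for a
# new rui.crt / rui.key pair before hostd is restarted.
# Exit codes: 0 ok, 1 unparsable file, 2 key/leaf mismatch, 3 expiring.

check_cert_pair() {
    crt=$1; key=$2

    # openssl x509 reads only the FIRST certificate in the file, which
    # must be the server (leaf) certificate, with the chain after it.
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) ||
        { echo "FAIL: $crt is not a PEM certificate"; return 1; }
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) ||
        { echo "FAIL: $key is not a PEM private key"; return 1; }

    # A mismatch means the wrong key, or the chain was pasted first.
    [ "$crt_pub" = "$key_pub" ] ||
        { echo "FAIL: first certificate does not match the private key"; return 2; }

    # Reject a certificate that expires within the next 24 hours.
    openssl x509 -in "$crt" -noout -checkend 86400 >/dev/null 2>&1 ||
        { echo "FAIL: certificate is expired or expires within a day"; return 3; }

    count=$(grep -c -- '-----BEGIN CERTIFICATE-----' "$crt")
    echo "OK: key matches leaf; $count certificate(s) in $crt"
    openssl x509 -in "$crt" -noout -subject -enddate
}

# Constructed sample input: a throwaway self-signed pair in a temp dir,
# so the check can be tried without touching /etc/vmware/ssl.
demo() {
    tmp=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=ESXi-srv.example.com" \
        -keyout "$tmp/rui.key" -out "$tmp/rui.crt" 2>/dev/null
    check_cert_pair "$tmp/rui.crt" "$tmp/rui.key"; rc=$?
    rm -rf "$tmp"
    return "$rc"
}

# With two arguments, check those files; otherwise run the demo.
if [ "$#" -eq 2 ]; then check_cert_pair "$1" "$2"; else demo; fi
```

Run it with the two file paths as arguments; if it reports a failure, restore the backup copies instead of restarting hostd.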

After making the changes, you need to restart the host service using the following commands:

[root@vmxi:/etc/vmware/ssl] /etc/init.d/hostd restart
watchdog-hostd: Terminating watchdog process with PID 5528316
hostd stopped.
hostd started.
[root@vmxi:/etc/vmware/ssl] /etc/init.d/hostd status
hostd is running.
[root@vmxi:/etc/vmware/ssl]

Now if we reload the page in the browser, we can see that the ESXi server is using the new SSL certificate.

Since ESXi holds very important information, including the management of virtual machines, it is important to secure it with a valid SSL certificate to avoid possible risks.