ESXi: Generate a new selfsigned host certificate


usually vCenter generates the certificates for the connected ESXi hosts. This is done by the VMCA and can be triggered by the vCenter GUI => Browser to the ESXi Host -> System -> Configure -> Certificate -> Renew.

To generate a new ESXi Host certificate, which is used for https connections at TCP/443 and for the CIM service TCP/5989, a script is located in /sbin.

Set the host into maintenance mode and remove it from the cluster

~ # /sbin/generate-certificates

to generate a new host certificate and restart services

~ # /etc/init.d/sfcbd-watchdog restart
~ # /sbin/ restart

reconnect the host to the cluster


Advertisment to support

Leave a Reply

Your email address will not be published.

Time limit is exhausted. Please reload CAPTCHA.