{"id":7942,"date":"2021-11-14T22:33:52","date_gmt":"2021-11-14T21:33:52","guid":{"rendered":"https:\/\/michlstechblog.info\/blog\/?p=7942"},"modified":"2021-11-17T14:37:47","modified_gmt":"2021-11-17T13:37:47","slug":"esxi-generate-a-new-selfsigned-host-certificate","status":"publish","type":"post","link":"https:\/\/michlstechblog.info\/blog\/esxi-generate-a-new-selfsigned-host-certificate\/","title":{"rendered":"ESXi: Generate a new selfsigned host certificate"},"content":{"rendered":"<div class=\"twoclick_social_bookmarks_post_7942 social_share_privacy clearfix 1.6.4 locale-en_US sprite-en_US\"><\/div><div class=\"twoclick-js\"><script type=\"text\/javascript\">\/* <![CDATA[ *\/\njQuery(document).ready(function($){if($('.twoclick_social_bookmarks_post_7942')){$('.twoclick_social_bookmarks_post_7942').socialSharePrivacy({\"services\":{\"flattr\":{\"uid\":\"Michl\",\"status\":\"on\",\"the_title\":\"ESXi%3A%20Generate%20a%20new%20selfsigned%20host%20certificate\",\"the_excerpt\":\"Hi%2C%0D%0A%0D%0Ausually%20vCenter%20generates%20the%20certificates%20for%20the%20connected%20ESXi%20hosts.%20This%20is%20done%20by%20the%20VMCA%20and%20can%20be%20triggered%20by%20the%20vCenter%20GUI%20%3D%3E%20Browser%20to%20the%20ESXi%20Host%20-%3E%20System%20-%3E%20Configure%20-%3E%20Certificate%20-%3E%20Renew.%0D%0A%0D%0ATo%20generate%20a%20new%20ESXi%20Host%20certificate%2C%20which%20is%20used%20for%20https%20connections%20at%20TCP%2F443%20and%20for%20the%20CIM%20service%20TCP%2F5989%2C%20a%20script%20is%20located%20in%20%2Fsbin.%0D%0A%20%28more%26hellip%3B%29\",\"txt_info\":\"2 clicks for more data protection:\\r\\n\\r\\nOnly when you click here, the button will be come active and you can send your recommendation to Flattr. When activating, data are transmitted to third parties. \",\"perma_option\":\"off\"}},\"txt_help\":\"When you activate these fields by clicking, information to Flattr may be transferred abroad, and probably may also stored there.\",\"settings_perma\":\"Enable permanently and accept data transmission. \",\"info_link\":\"http:\\\/\\\/www.heise.de\\\/ct\\\/artikel\\\/2-Klicks-fuer-mehr-Datenschutz-1333879.html\",\"uri\":\"https:\\\/\\\/michlstechblog.info\\\/blog\\\/esxi-generate-a-new-selfsigned-host-certificate\\\/\",\"post_id\":7942,\"post_title_referrer_track\":\"ESXi%3A+Generate+a+new+selfsigned+host+certificate\",\"display_infobox\":\"on\"});}});\n\/* ]]> *\/<\/script><\/div><p>Hi,<\/p>\n<p>usually vCenter generates the certificates for the connected ESXi hosts. This is done by the <a href=\"https:\/\/docs.vmware.com\/en\/VMware-vSphere\/7.0\/com.vmware.vsphere.security.doc\/GUID-ECFD1A29-0534-4118-B762-967A113D5CAA.html\" rel=\"noopener\" target=\"_blank\">VMCA<\/a> and can be triggered by the vCenter GUI => Browser to the ESXi Host -> System -> Configure -> Certificate -> Renew.<\/p>\n<p>To generate a new ESXi Host certificate, which is used for https connections at TCP\/443 and for the CIM service TCP\/5989, a script is located in \/sbin.<br \/>\n<!--more--><\/p>\n<p>Set the host into maintenance mode and remove it from the cluster<br \/>\nCall <\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\n~ # \/sbin\/generate-certificates\r\n<\/pre>\n<p>to generate a new host certificate and restart services<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\n~ # \/etc\/init.d\/sfcbd-watchdog restart\r\n~ # \/sbin\/services.sh restart\r\n<\/pre>\n<p>reconnect the host to the cluster<\/p>\n<p>Michael<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Hi, usually vCenter generates the certificates for the connected ESXi hosts. This is done by the VMCA and can be triggered by the vCenter GUI => Browser to the ESXi Host -> System -> Configure -> Certificate -> Renew. To generate a new ESXi Host certificate, which is used for https connections at TCP\/443 and &hellip; <a href=\"https:\/\/michlstechblog.info\/blog\/esxi-generate-a-new-selfsigned-host-certificate\/\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">ESXi: Generate a new selfsigned host certificate<\/span> <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7],"tags":[1656,457,651,1655,1659,1658,14,1657],"class_list":["post-7942","post","type-post","status-publish","format-standard","hentry","category-vmware","tag-certificate-cim-service","tag-esxi","tag-generate","tag-host-certificate","tag-new-certificate","tag-recreate","tag-vmware-2","tag-web-certificate"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/posts\/7942","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/comments?post=7942"}],"version-history":[{"count":5,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/posts\/7942\/revisions"}],"predecessor-version":[{"id":8015,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/posts\/7942\/revisions\/8015"}],"wp:attachment":[{"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/media?parent=7942"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/categories?post=7942"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/tags?post=7942"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}