Replacing ESXI SSL Certs

Replacing ESXI SSL Certs

This is a follow on from replacing the PCS as trusted intermediate to your org CA Store. The next step is to update each ESXi host.

If you have done the previous post of SSL replacement then wait 24 hours before updating the ESXi hosts, due to a known issue, see

Setup Certificate Options

  1. Log into vCenter and on the vCenter that manages the hosts, user Manage, Settings, Advanced Settings search for Certmgmt. Update the values for the certificate request as approipate, below shows before and after updating
  2. Then on a ESXi host right click choose certificates, renew certificates
    1. If you get the following error, wait for the newly created VMCA certificates done in the previous post to be 24 hours old
    2. If you have waited and do not see the error, then the certificate will be updated, the host may disconnect for a short while whilst the operation is done

Leave a Reply

Your email address will not be published.