One of my weird hobbies is installing legitimate SSL certificates EVERYWHERE. Here’s steps for replacing the default self-signed garbage SSL certificates you get out of the box with VMware ESXi:
Steps
- Get your SSL cert, obviously. You’ll need a .key file and a .crt. (If you need help at this stage, take a look at my SSL cert management scripts on github.)
- Enable SSH access to your ESXi box. Login as root over ssh. (If you don’t know about this, perhaps this whole process is not for you at this time)
- From your root ssh session to your ESXi box, follow these steps:
cd /etc/vmware/ssl
mv rui.crt orig.rui.crt
mv rui.key orig.rui.key
- Use vi to open new rui.key and rui.crt files and paste in your own crt and key files.
- Restart services so your certs are in-play:
/etc/init.d/hostd restart
/etc/init.d/vpxa restart
Read more “VMware ESXi 6.5 – Replacing the default SSL/TLS certificates”