Troubleshooting replacing a corrupted certificate on Esxi server
-
Generate new self-signed certificates for ESXi using OpenSSL
Push SSL certificates to client computers using Group Policy
Replacing a default ESXi certificate with a CA-Signed certificate
Troubleshooting replacing a corrupted certificate on Esxi serverWhile deploying your own certificate on ESXi server you need to follow certain requirement to create it as shown here, if new generated certificate is not correct as per the standard and if they are replaced overwritten without proper backup, it can cause connection error on ESXi server and you will see error similar to This site can't be reached, refused to connect with ERR_CONNECTION_REFUSED.
To resolve it immediately open ssh session to ESXi server and run command /sbin/generate-certificates, which will restore and generate default self-signed certificate in location /etc/vmware/ssl. To take effect run command services.sh restart &tail -f /var/log/jumpstart-stdout.log.
After checking once again on browser, everything should be good and esxi website will be working again.
Useful Article
VMWARE SECURITY BEST PRACTICES: POWERCLI ENABLE OR DISABLE ESXI SSH
vSphere ESXi security best practices: Time configuration - (NTP) Network Time Protocol
Configure syslog on VMware ESXi hosts: VMware best practices
http://vcloud-lab.com/entries/esxi-installation-and-configuration/troubleshooting-replacing-a-corrupted-certificate-on-esxi-server
© Lightnetics 2024