Solved

Regenerate certificate on ESXi 4.1

Posted on 2011-09-26
19
1,121 Views
Last Modified: 2012-05-12
Hello

I have ESXi 4.1 and I need to regenerate Certificate becuase of ESXi Host name and dns change
How can I do it ?

p.s.
In vmware web site there is an artical
http://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&docType=kc&externalId=1008166&sliceId=1&docTypeID=DT_KB_1_1&dialogID=224246673&stateId=0 0 224248440 saying:

Generate New Certificates for the ESXi Host
The ESXi host generates certificates the first time the system is started. Under certain circumstances, you might
be required to force the host to generate new certificates. You typically generate new certificates only if you
change the host name or accidentally delete the certificate.
Procedure
1 Select Reset Customized Settings in the direct console.
2 Reboot the system to regenerate the certificates

I have entered the console from the Host itself and I can't find this option "Reset Customized Settings"

My question is how can I regenerate a new certificate for my ESXi4.1 Host
Please Advise
0
Comment
Question by:DoronAviad
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 9
  • 5
  • 5
19 Comments
 
LVL 121
ID: 36598495
Do you not have access to the actually Direct Console User Interface? (black and yellow screen)?

e.g. via iLO, DRAC or KVM?
0
 
LVL 23

Expert Comment

by:Luciano Patrão
ID: 36598523
Hi

Here you have all the information about certifcates for all vSphere versions

http://kb.vmware.com/kb/1008166

and also

http://kb.vmware.com/kb/4646606

Jail
0
 
LVL 121
ID: 36598558
and for ESXi 4.1 Page 177 Encryption and Security Certificates for ESXi

http://www.vmware.com/pdf/vsphere4/r41/vsp_41_esxi_server_config.pdf

Generate New Certificates for the ESXi Host

The ESXi host generates certificates the first time the system is started. Under certain circumstances, you might be required to force the host to generate new certificates. You typically generate new certificates only if you change the host name or accidentally delete the certificate.

Procedure

1 Select Reset Customized Settings in the direct console.

2 Reboot the system to regenerate the certificates.

There is also a procedure in the document for uploading your own Certificiate, but the easiest method would be to  Reset Customized Settings ON the direct console
0
Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

 

Author Comment

by:DoronAviad
ID: 36598559
hanccocka

I have access to the direct console (black and yenllow) direct keyboard and screen connection
0
 

Author Comment

by:DoronAviad
ID: 36598568
BestWay

I have writing in my question That I looked at the Linkes you send me..... please reread my question
0
 
LVL 121
ID: 36598587
and you have no option which states Reset Customized Settings? after logging in?
0
 

Author Comment

by:DoronAviad
ID: 36598592
hanccocka

How do I see this option in the Grahy and Yellow direct interface ????
I only see option "Reset System Configuration" I don't see "Reset customized Settings"
where is that option ???
0
 
LVL 121
ID: 36598598
Press Function Key Number 2 (F2) to Customize System.

and then second option from the bottom, you should have Reset Customized Settings?
0
 
LVL 121
ID: 36598602
That is the OPTION! you need.
0
 
LVL 121
ID: 36598606
It will perform a Default Reset of ESXi 4.1. (all vSwitches, VMNICs) it will return to factory defaults, a bit like a fresh install.
0
 
LVL 23

Assisted Solution

by:Luciano Patrão
Luciano Patrão earned 166 total points
ID: 36598628
Hi

Since you did not added the KB number I thought was another link.

Regarding how to generate, you can get all that information on the documentation, also added some in the hanccocka message.

Connect to you host ESXi direct console, choose F2, you should see the Reset Customized Settings

Jail
0
 
LVL 121

Accepted Solution

by:
Andrew Hancock (VMware vExpert / EE MVE^2) earned 334 total points
ID: 36598642
Reset Customized Settings settings was used in ESXi 3.5, 4.0, in 4.1 it was changed to Reset System Configuration, and clearly VMware have not updated their documentation between ESXi versions.
0
 
LVL 23

Expert Comment

by:Luciano Patrão
ID: 36598661
Hi

Yes I have double checked and hanccocka is right, the option have changed, and the documentation still have the old name.

Jail
0
 

Author Comment

by:DoronAviad
ID: 36598710
BestWay

The docuemnts about regenerating say only one option "Reset Customize Settings" (hanccocka Thanks for updating the name was change to "Reset System Configuration"

This option seems to me to extrime, for only regenerate a new Certificate to do a complite System Reset ?

I found an articale about ESXi3 with simple command line solution but it is not available in ESXi4.1

Is there another way you advise to regenrate ?
0
 
LVL 121

Assisted Solution

by:Andrew Hancock (VMware vExpert / EE MVE^2)
Andrew Hancock (VMware vExpert / EE MVE^2) earned 334 total points
ID: 36598754
Not that is SUPPORTED. (unless you want to upload your own certificate).

Usually, if you change the name of an ESXi host, you would vMotion ALL VMs off the host, or backup the host first, Enter Maintenance Mode, Remove the ESX host from vCenter, Change the Hostname and IP address in the  Console, and then Reset System Configuration.

and then from Documents reconfigure your ESXi host, which should only take you 5 minutes.
0
 

Author Closing Comment

by:DoronAviad
ID: 36598805
Thanks you all for you great support
Have a great Day
0
 
LVL 23

Expert Comment

by:Luciano Patrão
ID: 36598810
Hi

I agreed that for to recreate only a certificate, is too much, but there is no create_certificates after ESXi 4.x, you have a script called generate_certificates.sh, but honestly I never used.

But looking at the script I think will generate the same Certificate. But I will test on my ESXi server test.

Jail
0
 
LVL 121
ID: 36598851
No problems.
0
 
LVL 23

Expert Comment

by:Luciano Patrão
ID: 36598905
Hi

I have run the script generate_certificates.sh and restart the host, and when I try to connect again to the ESXi host with the VMware vSphere Client ask again to add the new certificate.

So running this script this will generate a new certificate that can be used.

Hope this can help.

Jail
0

Featured Post

Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, I will show you HOW TO: Suppress Configuration Issues and Warnings Alert displayed in Summary status for ESXi 6.5 after enabling SSH or ESXi Shell.
Ransomware is a malware that is again in the list of security  concerns. Not only for companies, but also for Government security and  even at personal use. IT departments should be aware and have the right  knowledge to how to fight it.
Teach the user how to use create log bundles for vCenter Server or ESXi hosts Open vSphere Web Client: Generate vCenter Server and ESXi host log bundle:  Open vCenter Server Appliance Web Management interface and generate log bundle: Open vCenter Se…
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial
Suggested Courses

631 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question