Solved

Regenerate certificate on ESXi 4.1

Posted on 2011-09-26
19
1,101 Views
Last Modified: 2012-05-12
Hello

I have ESXi 4.1 and I need to regenerate Certificate becuase of ESXi Host name and dns change
How can I do it ?

p.s.
In vmware web site there is an artical
http://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&docType=kc&externalId=1008166&sliceId=1&docTypeID=DT_KB_1_1&dialogID=224246673&stateId=0 0 224248440 saying:

Generate New Certificates for the ESXi Host
The ESXi host generates certificates the first time the system is started. Under certain circumstances, you might
be required to force the host to generate new certificates. You typically generate new certificates only if you
change the host name or accidentally delete the certificate.
Procedure
1 Select Reset Customized Settings in the direct console.
2 Reboot the system to regenerate the certificates

I have entered the console from the Host itself and I can't find this option "Reset Customized Settings"

My question is how can I regenerate a new certificate for my ESXi4.1 Host
Please Advise
0
Comment
Question by:DoronAviad
  • 9
  • 5
  • 5
19 Comments
 
LVL 118
ID: 36598495
Do you not have access to the actually Direct Console User Interface? (black and yellow screen)?

e.g. via iLO, DRAC or KVM?
0
 
LVL 22

Expert Comment

by:Luciano Patrão
ID: 36598523
Hi

Here you have all the information about certifcates for all vSphere versions

http://kb.vmware.com/kb/1008166

and also

http://kb.vmware.com/kb/4646606

Jail
0
 
LVL 118
ID: 36598558
and for ESXi 4.1 Page 177 Encryption and Security Certificates for ESXi

http://www.vmware.com/pdf/vsphere4/r41/vsp_41_esxi_server_config.pdf

Generate New Certificates for the ESXi Host

The ESXi host generates certificates the first time the system is started. Under certain circumstances, you might be required to force the host to generate new certificates. You typically generate new certificates only if you change the host name or accidentally delete the certificate.

Procedure

1 Select Reset Customized Settings in the direct console.

2 Reboot the system to regenerate the certificates.

There is also a procedure in the document for uploading your own Certificiate, but the easiest method would be to  Reset Customized Settings ON the direct console
0
 

Author Comment

by:DoronAviad
ID: 36598559
hanccocka

I have access to the direct console (black and yenllow) direct keyboard and screen connection
0
 

Author Comment

by:DoronAviad
ID: 36598568
BestWay

I have writing in my question That I looked at the Linkes you send me..... please reread my question
0
 
LVL 118
ID: 36598587
and you have no option which states Reset Customized Settings? after logging in?
0
 

Author Comment

by:DoronAviad
ID: 36598592
hanccocka

How do I see this option in the Grahy and Yellow direct interface ????
I only see option "Reset System Configuration" I don't see "Reset customized Settings"
where is that option ???
0
 
LVL 118
ID: 36598598
Press Function Key Number 2 (F2) to Customize System.

and then second option from the bottom, you should have Reset Customized Settings?
0
 
LVL 118
ID: 36598602
That is the OPTION! you need.
0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 
LVL 118
ID: 36598606
It will perform a Default Reset of ESXi 4.1. (all vSwitches, VMNICs) it will return to factory defaults, a bit like a fresh install.
0
 
LVL 22

Assisted Solution

by:Luciano Patrão
Luciano Patrão earned 166 total points
ID: 36598628
Hi

Since you did not added the KB number I thought was another link.

Regarding how to generate, you can get all that information on the documentation, also added some in the hanccocka message.

Connect to you host ESXi direct console, choose F2, you should see the Reset Customized Settings

Jail
0
 
LVL 118

Accepted Solution

by:
Andrew Hancock (VMware vExpert / EE MVE) earned 334 total points
ID: 36598642
Reset Customized Settings settings was used in ESXi 3.5, 4.0, in 4.1 it was changed to Reset System Configuration, and clearly VMware have not updated their documentation between ESXi versions.
0
 
LVL 22

Expert Comment

by:Luciano Patrão
ID: 36598661
Hi

Yes I have double checked and hanccocka is right, the option have changed, and the documentation still have the old name.

Jail
0
 

Author Comment

by:DoronAviad
ID: 36598710
BestWay

The docuemnts about regenerating say only one option "Reset Customize Settings" (hanccocka Thanks for updating the name was change to "Reset System Configuration"

This option seems to me to extrime, for only regenerate a new Certificate to do a complite System Reset ?

I found an articale about ESXi3 with simple command line solution but it is not available in ESXi4.1

Is there another way you advise to regenrate ?
0
 
LVL 118

Assisted Solution

by:Andrew Hancock (VMware vExpert / EE MVE)
Andrew Hancock (VMware vExpert / EE MVE) earned 334 total points
ID: 36598754
Not that is SUPPORTED. (unless you want to upload your own certificate).

Usually, if you change the name of an ESXi host, you would vMotion ALL VMs off the host, or backup the host first, Enter Maintenance Mode, Remove the ESX host from vCenter, Change the Hostname and IP address in the  Console, and then Reset System Configuration.

and then from Documents reconfigure your ESXi host, which should only take you 5 minutes.
0
 

Author Closing Comment

by:DoronAviad
ID: 36598805
Thanks you all for you great support
Have a great Day
0
 
LVL 22

Expert Comment

by:Luciano Patrão
ID: 36598810
Hi

I agreed that for to recreate only a certificate, is too much, but there is no create_certificates after ESXi 4.x, you have a script called generate_certificates.sh, but honestly I never used.

But looking at the script I think will generate the same Certificate. But I will test on my ESXi server test.

Jail
0
 
LVL 118
ID: 36598851
No problems.
0
 
LVL 22

Expert Comment

by:Luciano Patrão
ID: 36598905
Hi

I have run the script generate_certificates.sh and restart the host, and when I try to connect again to the ESXi host with the VMware vSphere Client ask again to add the new certificate.

So running this script this will generate a new certificate that can be used.

Hope this can help.

Jail
0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Join & Write a Comment

It Is not possible to enable LLDP in vSwitch(at least is not supported by VMware), so in this article we will enable this, and also go trough how to enabled CDP and how to get this information in vSwitches and also in vDS.
Veeam Backup & Replication has added a new integration – Veeam Backup for Microsoft Office 365.  In this blog, we will discuss how you can benefit from Office 365 email backup with the Veeam’s new product and try to shed some light on the needs and …
Teach the user how to use create log bundles for vCenter Server or ESXi hosts Open vSphere Web Client: Generate vCenter Server and ESXi host log bundle:  Open vCenter Server Appliance Web Management interface and generate log bundle: Open vCenter Se…
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now