Difference between revisions of "SSL - ESXi"
Jump to navigation
Jump to search
(Created page with "= Installing manual certs on an ESXi server = PIKEDOM.COM has some very good [https://pikedom.com/replace-self-signed-certificate-on-esxi-6-7-host/ instructions]. Something t...") |
|||
| Line 1: | Line 1: | ||
| − | = Installing manual certs on an ESXi server = | + | ==Installing manual certs on an ESXi server== |
PIKEDOM.COM has some very good [https://pikedom.com/replace-self-signed-certificate-on-esxi-6-7-host/ instructions]. | PIKEDOM.COM has some very good [https://pikedom.com/replace-self-signed-certificate-on-esxi-6-7-host/ instructions]. | ||
| Line 20: | Line 20: | ||
**Paste in the content of <code>privkey.pem</code> | **Paste in the content of <code>privkey.pem</code> | ||
*<code>reboot</code> | *<code>reboot</code> | ||
| + | |||
| + | == Using SCP to install the certs == | ||
| + | You should be able directly install certs on your ESXi server thanks to vmWares bad habit of allowing SSH as root... | ||
| + | |||
| + | '''''<big><u>THIS HAS NOT YET BEEN FULLY TESTED!</u></big>''''' | ||
| + | |||
| + | '''You have been warned.''' | ||
| + | |||
| + | * <code>scp /etc/letsencrypt/live/NAME.DOMAIN.TLD/fullchain.pem root@NAME.DOMAIN.TLD:/etc/vmware/ssl/rui.crt</code> | ||
| + | * <code>scp /etc/letsencrypt/live/NAME.DOMAIN.TLD/privkey.pem root@NAME.DOMAIN.TLD:/etc/vmware/ssl/rui.key</code> | ||
| + | * <code>ssh root@NAME.DOMAIN.TLD reboot</code> | ||
| + | |||
| + | Of course, you'll replace '''NAME.DOMAIN.TLD''' with the actual name of your server... | ||
Revision as of 00:07, 2 July 2020
Installing manual certs on an ESXi server
PIKEDOM.COM has some very good instructions.
Something to know if you got your certs from certbot:
- The file you're replacing
rui.crtwith is eithercert.pemorfullchain.pem(depending on whether you've set up with one or more than one domain in your certs. - The file you're replacing
rui.keywith is eitherprivkey.pem. - Both of the files from certbot may have a number attached to the end of the filename itself.
So...
SSH into the server...
cd /etc/vmware/sslmv rui.crt orig.rui.crtmv rui.key orig.rui.keyvi rui.crt- Paste in the content of
fullchain.pem
- Paste in the content of
vi rui.key- Paste in the content of
privkey.pem
- Paste in the content of
reboot
Using SCP to install the certs
You should be able directly install certs on your ESXi server thanks to vmWares bad habit of allowing SSH as root...
THIS HAS NOT YET BEEN FULLY TESTED!
You have been warned.
scp /etc/letsencrypt/live/NAME.DOMAIN.TLD/fullchain.pem root@NAME.DOMAIN.TLD:/etc/vmware/ssl/rui.crtscp /etc/letsencrypt/live/NAME.DOMAIN.TLD/privkey.pem root@NAME.DOMAIN.TLD:/etc/vmware/ssl/rui.keyssh root@NAME.DOMAIN.TLD reboot
Of course, you'll replace NAME.DOMAIN.TLD with the actual name of your server...
