Difference between revisions of "SSL - ESXi"

From The TinkerNet Wiki
Jump to navigation Jump to search
m (removed an "either" from the sentence as there is only one in this instance)
Line 28: Line 28:
 
'''You have been warned.'''
 
'''You have been warned.'''
  
*<code>scp /etc/letsencrypt/live/NAME.DOMAIN.TLD/fullchain.pem root@NAME.DOMAIN.TLD:/etc/vmware/ssl/rui.crt</code>
+
*<code>sudo scp /etc/letsencrypt/live/NAME.DOMAIN.TLD/fullchain.pem root@NAME.DOMAIN.TLD:/etc/vmware/ssl/rui.crt</code>
*<code>scp /etc/letsencrypt/live/NAME.DOMAIN.TLD/privkey.pem root@NAME.DOMAIN.TLD:/etc/vmware/ssl/rui.key</code>
+
*<code>sudo scp /etc/letsencrypt/live/NAME.DOMAIN.TLD/privkey.pem root@NAME.DOMAIN.TLD:/etc/vmware/ssl/rui.key</code>
 
*<code>ssh root@NAME.DOMAIN.TLD reboot</code>
 
*<code>ssh root@NAME.DOMAIN.TLD reboot</code>
  
 
Of course, you'll replace '''NAME.DOMAIN.TLD''' with the actual name of your server...
 
Of course, you'll replace '''NAME.DOMAIN.TLD''' with the actual name of your server...

Revision as of 13:56, 2 July 2020

Installing manual certs on an ESXi server

PIKEDOM.COM has some very good instructions.

Something to know if you got your certs from certbot:

  • The file you're replacing rui.crt with is either cert.pem or fullchain.pem (depending on whether you've set up with one or more than one domain in your certs.
  • The file you're replacing rui.key with is privkey.pem.
  • Both of the files from certbot may have a number attached to the end of the filename itself.

So...

SSH into the server...

  • cd /etc/vmware/ssl
  • mv rui.crt orig.rui.crt
  • mv rui.key orig.rui.key
  • vi rui.crt
    • Paste in the content of fullchain.pem
  • vi rui.key
    • Paste in the content of privkey.pem
  • reboot

Using SCP to install the certs

You should be able directly install certs on your ESXi server thanks to vmWares bad habit of allowing SSH as root...

THIS HAS NOT YET BEEN FULLY TESTED!

You have been warned.

  • sudo scp /etc/letsencrypt/live/NAME.DOMAIN.TLD/fullchain.pem root@NAME.DOMAIN.TLD:/etc/vmware/ssl/rui.crt
  • sudo scp /etc/letsencrypt/live/NAME.DOMAIN.TLD/privkey.pem root@NAME.DOMAIN.TLD:/etc/vmware/ssl/rui.key
  • ssh root@NAME.DOMAIN.TLD reboot

Of course, you'll replace NAME.DOMAIN.TLD with the actual name of your server...