Difference between revisions of "SSL - ESXi"

From The TinkerNet Wiki
Jump to navigation Jump to search
Line 2: Line 2:
 
PIKEDOM.COM has some very good [https://pikedom.com/replace-self-signed-certificate-on-esxi-6-7-host/ instructions].
 
PIKEDOM.COM has some very good [https://pikedom.com/replace-self-signed-certificate-on-esxi-6-7-host/ instructions].
  
Something to know if you got your certs from certbot:
+
==== Something to know if you got your certs from certbot: ====
  
 
*The file you're replacing <code>rui.crt</code> with is either <code>cert.pem</code> or <code>fullchain.pem</code> (depending on whether you've set up with one or more than one domain in your certs.
 
*The file you're replacing <code>rui.crt</code> with is either <code>cert.pem</code> or <code>fullchain.pem</code> (depending on whether you've set up with one or more than one domain in your certs.
Line 10: Line 10:
 
So...
 
So...
  
=== Loggin into the server to install ===
+
===Loggin into the server to install===
 
SSH into the server...
 
SSH into the server...
  

Revision as of 22:37, 24 September 2020

Installing manual certs on an ESXi server

PIKEDOM.COM has some very good instructions.

Something to know if you got your certs from certbot:

  • The file you're replacing rui.crt with is either cert.pem or fullchain.pem (depending on whether you've set up with one or more than one domain in your certs.
  • The file you're replacing rui.key with is privkey.pem.
  • Both of the files from certbot may have a number attached to the end of the filename itself.

So...

Loggin into the server to install

SSH into the server...

  • cd /etc/vmware/ssl
  • mv rui.crt orig.rui.crt
  • mv rui.key orig.rui.key
  • vi rui.crt
    • Paste in the content of fullchain.pem
  • vi rui.key
    • Paste in the content of privkey.pem
  • reboot

Using SCP to install the certs

You should be able directly install certs on your ESXi server thanks to vmWares bad habit of allowing SSH as root...

  • sudo scp /etc/letsencrypt/live/NAME.DOMAIN.TLD/fullchain.pem root@NAME.DOMAIN.TLD:/etc/vmware/ssl/rui.crt
  • sudo scp /etc/letsencrypt/live/NAME.DOMAIN.TLD/privkey.pem root@NAME.DOMAIN.TLD:/etc/vmware/ssl/rui.key
  • ssh root@NAME.DOMAIN.TLD /etc/init.d/rhttpproxy restart

Of course, you'll replace NAME.DOMAIN.TLD with the actual name of your server...