Difference between revisions of "SSL - ESXi"

From The TinkerNet Wiki
Jump to navigation Jump to search
(Created page with "= Installing manual certs on an ESXi server = PIKEDOM.COM has some very good [https://pikedom.com/replace-self-signed-certificate-on-esxi-6-7-host/ instructions]. Something t...")
 
 
(7 intermediate revisions by 2 users not shown)
Line 1: Line 1:
= Installing manual certs on an ESXi server =
+
==Installing manual certs on an ESXi server==
 
PIKEDOM.COM has some very good [https://pikedom.com/replace-self-signed-certificate-on-esxi-6-7-host/ instructions].
 
PIKEDOM.COM has some very good [https://pikedom.com/replace-self-signed-certificate-on-esxi-6-7-host/ instructions].
  
Something to know if you got your certs from certbot:
+
====Something to know if you got your certs from certbot:====
  
 
*The file you're replacing <code>rui.crt</code> with is either <code>cert.pem</code> or <code>fullchain.pem</code> (depending on whether you've set up with one or more than one domain in your certs.
 
*The file you're replacing <code>rui.crt</code> with is either <code>cert.pem</code> or <code>fullchain.pem</code> (depending on whether you've set up with one or more than one domain in your certs.
*The file you're replacing <code>rui.key</code> with is either <code>privkey.pem</code>.
+
*The file you're replacing <code>rui.key</code> with is <code>privkey.pem</code>.
 
*Both of the files from certbot may have a number attached to the end of the filename itself.
 
*Both of the files from certbot may have a number attached to the end of the filename itself.
  
 
So...
 
So...
  
 +
===Loggin into the server to install===
 
SSH into the server...
 
SSH into the server...
  
Line 20: Line 21:
 
**Paste in the content of <code>privkey.pem</code>
 
**Paste in the content of <code>privkey.pem</code>
 
*<code>reboot</code>
 
*<code>reboot</code>
 +
 +
===Using SCP to install the certs===
 +
'''<big>Do This From The Web Server.</big>'''
 +
 +
You should be able directly install certs on your ESXi server thanks to vmWares bad habit of allowing SSH as root...
 +
 +
*<code>sudo scp /etc/letsencrypt/live/NAME.DOMAIN.TLD/fullchain.pem root@NAME.DOMAIN.TLD:/etc/vmware/ssl/rui.crt</code>
 +
*<code>sudo scp /etc/letsencrypt/live/NAME.DOMAIN.TLD/privkey.pem root@NAME.DOMAIN.TLD:/etc/vmware/ssl/rui.key</code>
 +
*<code>ssh root@NAME.DOMAIN.TLD /etc/init.d/rhttpproxy restart</code>
 +
 +
Of course, you'll replace '''NAME.DOMAIN.TLD''' with the actual name of your server...

Latest revision as of 00:27, 1 December 2020

Installing manual certs on an ESXi server

PIKEDOM.COM has some very good instructions.

Something to know if you got your certs from certbot:

  • The file you're replacing rui.crt with is either cert.pem or fullchain.pem (depending on whether you've set up with one or more than one domain in your certs.
  • The file you're replacing rui.key with is privkey.pem.
  • Both of the files from certbot may have a number attached to the end of the filename itself.

So...

Loggin into the server to install

SSH into the server...

  • cd /etc/vmware/ssl
  • mv rui.crt orig.rui.crt
  • mv rui.key orig.rui.key
  • vi rui.crt
    • Paste in the content of fullchain.pem
  • vi rui.key
    • Paste in the content of privkey.pem
  • reboot

Using SCP to install the certs

Do This From The Web Server.

You should be able directly install certs on your ESXi server thanks to vmWares bad habit of allowing SSH as root...

  • sudo scp /etc/letsencrypt/live/NAME.DOMAIN.TLD/fullchain.pem root@NAME.DOMAIN.TLD:/etc/vmware/ssl/rui.crt
  • sudo scp /etc/letsencrypt/live/NAME.DOMAIN.TLD/privkey.pem root@NAME.DOMAIN.TLD:/etc/vmware/ssl/rui.key
  • ssh root@NAME.DOMAIN.TLD /etc/init.d/rhttpproxy restart

Of course, you'll replace NAME.DOMAIN.TLD with the actual name of your server...