Difference between revisions of "SSL - ESXi"
Jump to navigation
Jump to search
m (removed an "either" from the sentence as there is only one in this instance) |
|||
| (5 intermediate revisions by the same user not shown) | |||
| Line 2: | Line 2: | ||
PIKEDOM.COM has some very good [https://pikedom.com/replace-self-signed-certificate-on-esxi-6-7-host/ instructions]. | PIKEDOM.COM has some very good [https://pikedom.com/replace-self-signed-certificate-on-esxi-6-7-host/ instructions]. | ||
| − | Something to know if you got your certs from certbot: | + | ====Something to know if you got your certs from certbot:==== |
*The file you're replacing <code>rui.crt</code> with is either <code>cert.pem</code> or <code>fullchain.pem</code> (depending on whether you've set up with one or more than one domain in your certs. | *The file you're replacing <code>rui.crt</code> with is either <code>cert.pem</code> or <code>fullchain.pem</code> (depending on whether you've set up with one or more than one domain in your certs. | ||
| Line 10: | Line 10: | ||
So... | So... | ||
| + | ===Loggin into the server to install=== | ||
SSH into the server... | SSH into the server... | ||
| Line 21: | Line 22: | ||
*<code>reboot</code> | *<code>reboot</code> | ||
| − | ==Using SCP to install the certs== | + | ===Using SCP to install the certs=== |
| + | '''<big>Do This From The Web Server.</big>''' | ||
| + | |||
You should be able directly install certs on your ESXi server thanks to vmWares bad habit of allowing SSH as root... | You should be able directly install certs on your ESXi server thanks to vmWares bad habit of allowing SSH as root... | ||
| − | + | *<code>sudo scp /etc/letsencrypt/live/NAME.DOMAIN.TLD/fullchain.pem root@NAME.DOMAIN.TLD:/etc/vmware/ssl/rui.crt</code> | |
| − | + | *<code>sudo scp /etc/letsencrypt/live/NAME.DOMAIN.TLD/privkey.pem root@NAME.DOMAIN.TLD:/etc/vmware/ssl/rui.key</code> | |
| − | + | *<code>ssh root@NAME.DOMAIN.TLD /etc/init.d/rhttpproxy restart</code> | |
| − | |||
| − | *<code>scp /etc/letsencrypt/live/NAME.DOMAIN.TLD/fullchain.pem root@NAME.DOMAIN.TLD:/etc/vmware/ssl/rui.crt</code> | ||
| − | *<code>scp /etc/letsencrypt/live/NAME.DOMAIN.TLD/privkey.pem root@NAME.DOMAIN.TLD:/etc/vmware/ssl/rui.key</code> | ||
| − | *<code>ssh root@NAME.DOMAIN.TLD | ||
Of course, you'll replace '''NAME.DOMAIN.TLD''' with the actual name of your server... | Of course, you'll replace '''NAME.DOMAIN.TLD''' with the actual name of your server... | ||
Latest revision as of 01:27, 1 December 2020
Contents
Installing manual certs on an ESXi server
PIKEDOM.COM has some very good instructions.
Something to know if you got your certs from certbot:
- The file you're replacing
rui.crtwith is eithercert.pemorfullchain.pem(depending on whether you've set up with one or more than one domain in your certs. - The file you're replacing
rui.keywith isprivkey.pem. - Both of the files from certbot may have a number attached to the end of the filename itself.
So...
Loggin into the server to install
SSH into the server...
cd /etc/vmware/sslmv rui.crt orig.rui.crtmv rui.key orig.rui.keyvi rui.crt- Paste in the content of
fullchain.pem
- Paste in the content of
vi rui.key- Paste in the content of
privkey.pem
- Paste in the content of
reboot
Using SCP to install the certs
Do This From The Web Server.
You should be able directly install certs on your ESXi server thanks to vmWares bad habit of allowing SSH as root...
sudo scp /etc/letsencrypt/live/NAME.DOMAIN.TLD/fullchain.pem root@NAME.DOMAIN.TLD:/etc/vmware/ssl/rui.crtsudo scp /etc/letsencrypt/live/NAME.DOMAIN.TLD/privkey.pem root@NAME.DOMAIN.TLD:/etc/vmware/ssl/rui.keyssh root@NAME.DOMAIN.TLD /etc/init.d/rhttpproxy restart
Of course, you'll replace NAME.DOMAIN.TLD with the actual name of your server...
