Regenerate the Self-Signed Certificate on All Hosts
Once you have configured the ESXi hosts' identity by providing a hostname, you must regenerate the self-signed certificate to ensure the correct common name is defined.

During the installation of ESXi, the installer generates a self-signed certificate for each ESXi host, but the process is performed prior to the ESXi identity being configured. This means all ESXi hosts have a common name in their self-signed certificate of localhost.localdomain. All communication between VMware Cloud Builder and the ESXi hosts is performed securely over HTTPS, and as a result it validates the identity when making a connection by comparing the common name of the certificate against the FQDN provided within the VMware Cloud Builder configuration file. To ensure that the connection attempts and validation do not fail, you must manually regenerate the self-signed certificate after the hostname has been configured.

VMware Cloud Foundation supports the use of signed certificates. If your organization's security policy mandates that all ESXi hosts must be configured with a CA-signed certificate, see Configure ESXi Hosts with Signed Certificates.

- In a web browser, log in to the ESXi host using the VMware Host Client.
- In the navigation pane, click Manage and click the Services tab.
- Select the TSM-SSH service and click Start if not started.
- Log in to the ESXi host using an SSH client such as PuTTY.
- Regenerate the self-signed certificate by executing the following command: /sbin/generate-certificates
- Restart the hostd and vpxa services by executing the following command: /etc/init.d/hostd restart && /etc/init.d/vpxa restart
- In the VMware Host Client, select the TSM-SSH service for the ESXi host and click Start.
- Repeat this procedure for all remaining hosts.
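
To confirm the result on every host, the following script compares the common name of the certificate each host presents on port 443 with the FQDN you expect, and flags hosts that still carry localhost.localdomain. It is an added example, not part of the VMware documentation; it assumes the OpenSSL command-line tool on an administration workstation, and the function names and the esx01.example.com style host names are placeholders.

```shell
#!/bin/sh
# Added example: check that a host certificate's CN equals the expected FQDN.
# Usage: sh check_cn.sh esx01.example.com esx02.example.com   (placeholder names)

DEFAULT_CN="localhost.localdomain"   # CN present before the hostname was configured

# Print the subject common name of a PEM certificate file.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 2>/dev/null |
        sed 's/^subject=[[:space:]]*//' | tr ',' '\n' | sed -n 's/^CN=//p' | head -n 1
}

# Compare the CN with the expected FQDN, ignoring case.
# Returns 0 = match, 1 = mismatch, 2 = certificate unreadable or no CN.
check_host_cert() {
    cn=$(cert_cn "$1" | tr '[:upper:]' '[:lower:]')
    want=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    if [ -z "$cn" ]; then
        echo "ERROR    $2: no CN could be read from $1"; return 2
    elif [ "$cn" = "$want" ]; then
        echo "OK       $2: CN matches"; return 0
    elif [ "$cn" = "$DEFAULT_CN" ]; then
        echo "STALE    $2: CN is still $DEFAULT_CN, certificate not regenerated"; return 1
    fi
    echo "MISMATCH $2: CN is $cn"; return 1
}

# Save the certificate a live host presents on port 443 (needs network access).
fetch_host_cert() {
    openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -outform PEM >"$2" 2>/dev/null
}

# Create a throwaway self-signed certificate with the given CN (constructed input
# for trying the check offline; it is not a real host certificate).
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$2.key" \
        -subj "/O=Example/CN=$1" -days 1 -out "$2" 2>/dev/null
    rm -f "$2.key"
}

# Check every FQDN given on the command line.
for host in "$@"; do
    pem=$(mktemp)
    if fetch_host_cert "$host" "$pem"; then check_host_cert "$pem" "$host" || true
    else echo "ERROR    $host: could not fetch a certificate"; fi
    rm -f "$pem"
done
```

Pass the same FQDNs that appear in the VMware Cloud Builder configuration file, since those are the names the common name is compared against.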