Manage CA Certificates with ESXCLI
You can use ESXCLI to manage certificates in the CA certificate store.
You must manage certificates in the CA
certificate store when configuring a remote syslog server that uses the TLS protocol
for communications. To establish secure communications, you must add the public CA
certificate for the remote syslog server to the
ESXi
CA certificate store.The following example adds a new CA
certificate to the CA certificate store, lists all available certificates in the
store, and removes a certificate from the store. Specify one of the options listed
in Connection Options for ESXCLI Host Management Commands
in place of
<conn_options>
. - Add a new CA certificate to the CA certificate store.esxcli <conn_options> system security certificatestore add --filename=<local_file>
- List all certificates in the CA certificate store.esxcli <conn_options> system security certificatestore list
- Remove a certificate from the CA certificate store.
- Remove a certificate by specifying the file name.esxcli <conn_options> system security certificatestore remove --filename=<local_file>
- Remove a certificate by specifying the issuer name and serial number.esxcli <conn_options> system security certificatestore remove --issuer=<issuer_name> --serial=<serial_number>