VMware – Renewing or Refreshing Certificates for ESXi Hosts

If VMCA (the VMware Certificate Authority built into vCenter Server) manages certificates for your ESXi hosts (vSphere 6.0 or later), you can renew or refresh these certificates from the vSphere Client without reconnecting the host.

  • Renew: Get a new signed certificate from VMCA.
  • Refresh: Update the host with all certificates from the TRUSTED_ROOTS store associated with vCenter Server.

Certificates should be renewed when:

  • They are close to expiration.
  • You need to provision a new certificate.

If a certificate expires without being renewed, the host loses its trust relationship with vCenter Server and is disconnected. Reconnecting the host, or removing it and re-adding it to vCenter Server, issues a new VMCA-signed certificate and reestablishes trust.

Prerequisites

Before you proceed, ensure:

  1. ESXi hosts are connected to the vCenter Server system.
  2. Time synchronization is accurate between the vCenter Server and ESXi hosts. A newly issued certificate carries a validity window checked against the host clock, so clock skew can make a fresh certificate appear not yet valid or already expired.
  3. DNS resolution is functional between vCenter Server and ESXi hosts.
  4. vCenter Server’s MACHINE_SSL_CERT and Trusted Root certificates are valid (KB Article 2111411).
  5. The ESXi hosts are not in maintenance mode.

Steps to Renew or Refresh Certificates

  1. Open vSphere Client: Locate the host in the inventory.
  2. Open the Configure tab: Click Configure in the host view.
  3. Access Certificate Settings: Under System, click Certificate to view details of the host’s certificate.
  4. Choose an Action:
    • Renew: Retrieve a new signed certificate from VMCA.
    • Refresh CA Certificates: Push all TRUSTED_ROOTS certificates from the vCenter Server to the host.
  5. Confirm the Action: Click Yes to proceed.
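The two actions above correspond to two checks a practitioner will want to run from a workstation before and after clicking Renew or Refresh: is the host's certificate close to expiration (Renew), and does it still chain to a root that vCenter Server trusts (Refresh)? The script below is an added example, not code from the VMware article; it uses only openssl. The host name esxi01.example.com, the file names, and the 60-day threshold are assumptions, and the certificates it checks in its demo are constructed locally so it runs offline.

```shell
#!/bin/sh
# Added example (not from the VMware article): expiry and trust checks for an
# ESXi host certificate using only openssl. Names and thresholds are assumed.

# Return 0 if the PEM certificate in file $1 expires within $2 days (i.e. it is
# due for Renew), 1 otherwise. openssl x509 -checkend exits 0 when the cert is
# still valid at now+seconds and 1 when it will have expired by then.
cert_needs_renewal() {
  pem="$1"; days="$2"
  secs=$((days * 86400))
  if openssl x509 -in "$pem" -noout -checkend "$secs" >/dev/null 2>&1; then
    return 1
  fi
  return 0
}

# Return 0 if the certificate in $1 chains to one of the roots in PEM bundle $2
# (what vCenter's TRUSTED_ROOTS store should contain), 1 otherwise.
cert_chains_to_roots() {
  openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# Fetch the certificate a live host presents on 443, as vCenter sees it.
# Usage: fetch_host_cert esxi01.example.com > host.pem   (network required)
fetch_host_cert() {
  echo | openssl s_client -connect "$1:443" -servername "$1" 2>/dev/null \
    | openssl x509
}

# Constructed sample: a self-signed certificate for CN=$1 valid for $2 days,
# written to $3. It stands in for a VMCA-issued host certificate; a self-signed
# cert is also its own root, which is enough to exercise the trust check.
make_sample_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days "$2" \
    -subj "/CN=$1" -keyout "$3.key" -out "$3" >/dev/null 2>&1
}

# Demo: run with --demo to see both checks against constructed certificates.
if [ "${1:-}" = "--demo" ]; then
  tmp=$(mktemp -d)
  make_sample_cert esxi01.example.com 30 "$tmp/host.pem"    # expires in 30 days
  make_sample_cert old-vmca.example.com 365 "$tmp/stale.pem" # unrelated root
  if cert_needs_renewal "$tmp/host.pem" 60; then
    echo "host.pem expires within 60 days: Renew"
  fi
  if cert_chains_to_roots "$tmp/host.pem" "$tmp/host.pem"; then
    echo "host.pem chains to the current root bundle"
  fi
  if ! cert_chains_to_roots "$tmp/host.pem" "$tmp/stale.pem"; then
    echo "host.pem does not chain to the stale root: Refresh CA Certificates"
  fi
  rm -rf "$tmp"
fi
```

Against a live host, replace the constructed file with the output of fetch_host_cert and use vCenter's exported TRUSTED_ROOTS bundle as the second argument to cert_chains_to_roots; a failure there after a VMCA root change is the symptom that Refresh CA Certificates fixes, while a cert_needs_renewal hit is the case for Renew.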
