Virtualization, Cloud, Infrastructure and all that stuff in-between

My ramblings on the stuff that holds it all together

Find which SSL certificate is being used on an ESX host

If you have been through the pain of changing ESX host certificates from self-signed to real (CA-signed) certificates, you can check which certificate is currently used for vCenter-to-ESX host traffic by issuing the following command in an SSH session on the host:

openssl x509 -noout -in /etc/vmware/ssl/rui.crt -text

You will see the details inside the SSL cert, signing authority etc. If the SSL cert contents make reference to VMware, you’re still using a self-signed certificate.

The vpxa (vCenter management) service on the ESX host is hard-coded to use /etc/vmware/ssl/rui.crt when the service is started (or restarted), so you can examine that file's properties with the above command to check.
I can’t find any graphical way of checking this in the VI Client.
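The same check as a script, as an added example that is not part of the original post: it reads the subject and issuer of rui.crt and applies the rule above (any reference to VMware means the default certificate is still in place). The function names and the three status labels are hypothetical, and treating "subject equals issuer" as self-signed is a heuristic, not a signature check.

```shell
#!/bin/sh
# Added example: classify the certificate used for vCenter-to-ESX traffic.
# cert_field, cert_status and the status labels are names chosen here.

CERT="${1:-/etc/vmware/ssl/rui.crt}"   # default path is the one from the post

# Print one field ("subject" or "issuer") without its "name=" prefix.
cert_field() {
    openssl x509 -noout -in "$1" "-$2" 2>/dev/null | sed "s/^$2= *//"
}

# Echo one of: vmware-default, self-signed, ca-signed.
# Returns 2 if the file cannot be parsed as a certificate.
cert_status() {
    subject=$(cert_field "$1" subject)
    issuer=$(cert_field "$1" issuer)
    if [ -z "$subject" ] || [ -z "$issuer" ]; then
        echo "unreadable"
        return 2
    fi
    # Rule from the post: a reference to VMware means the default cert.
    if printf '%s\n%s\n' "$subject" "$issuer" | grep -qi 'vmware'; then
        echo "vmware-default"
    # Heuristic: a certificate that names itself as issuer is self-signed.
    elif [ "$subject" = "$issuer" ]; then
        echo "self-signed"
    else
        echo "ca-signed"
    fi
}

# Only report when the certificate file is actually present (i.e. on a host).
if [ -r "$CERT" ]; then
    echo "$CERT: $(cert_status "$CERT")"
    openssl x509 -noout -in "$CERT" -subject -issuer -enddate
fi
```

Because vpxa reads the file only when it starts, a result of ca-signed describes the file on disk; the service must have been restarted after the replacement for that certificate to be the one in use.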

2 responses to “Find which SSL certificate is being used on an ESX host”

  1. Richard Kenyan December 4, 2014 at 5:41 pm

    When I try this on my 5.0 ESXi box, it says unknown option -text, and then lists all the options I can use (including -text!).
    I’m on OpenSSL 0.9.8za 5 Jun 2014.
    I had to remove -noout.
    This works… “openssl x509 -in /etc/vmware/ssl/rui.crt -text”

  2. Byron Morrison June 18, 2015 at 11:38 pm

    Hey Richard Kenyan, when you copy and paste the link it changed the “-” to a “.” so you will need to ensure that it says “-text” not “.text”

    I had the same issue.
