Virtualization, Cloud, Infrastructure and all that stuff in-between
My ramblings on the stuff that holds it all together
Find which SSL certificate is being used on an ESX host
If you have been through the pain of changing ESX host certificates from self-signed to real (CA-signed) certificates, you can check which certificate you are currently using for vCenter-to-ESX host traffic by issuing the following command in an SSH session on the host:
openssl x509 -noout -in /etc/vmware/ssl/rui.crt -text
You will see the details inside the SSL cert, the signing authority, etc. If the SSL cert contents make reference to VMware, you're still using a self-signed certificate.
The vpxa (vCenter management) service on the ESX host is hard-coded to use /etc/vmware/ssl/rui.crt when the service is started (or restarted), so you can examine its properties using the above command to check.
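An added example, not part of the original post: a POSIX sh script that applies the VMware-issuer check described above and also compares the on-disk rui.crt with the certificate the host presents over HTTPS. The function names, the port 443 probe and the premise that the host's HTTPS listener serves the same rui.crt are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.
RUI_CRT=/etc/vmware/ssl/rui.crt   # path given in the post

# Print a DN without the "subject=" / "issuer=" label openssl puts in front.
dn_of() {  # $1 = -subject or -issuer, $2 = certificate file
    openssl x509 -noout "$1" -in "$2" | sed 's/^[a-z]*= *//'
}

# Heuristic from the post: an issuer that mentions VMware means the default
# certificate is still installed. Identical subject and issuer is treated as
# self-signed (self-issued; the signature itself is not verified here).
classify_cert() {  # $1 = subject DN, $2 = issuer DN
    case "$2" in
        *[Vv][Mm][Ww][Aa][Rr][Ee]*) echo "vmware-default"; return 0 ;;
    esac
    if [ "$1" = "$2" ]; then echo "self-signed"; else echo "ca-signed"; fi
}

fingerprint_of() {  # reads a PEM certificate on stdin
    openssl x509 -noout -fingerprint -sha256 | sed 's/^.*=//'
}

# Assumption: the host's HTTPS listener on port 443 presents the same rui.crt.
served_fingerprint() {  # $1 = host name or address
    openssl s_client -connect "$1:443" </dev/null 2>/dev/null | fingerprint_of 2>/dev/null
}

# "mismatch" means the file on disk is not what is being served, for example
# because the file was replaced and the service has not been restarted since.
compare_fingerprints() {  # $1 = on-disk fingerprint, $2 = served fingerprint
    if [ -z "$1" ] || [ -z "$2" ]; then echo "unknown"
    elif [ "$1" = "$2" ]; then echo "in-use"
    else echo "mismatch"
    fi
}

check_cert() {  # $1 = certificate file, $2 = host to probe
    subj=$(dn_of -subject "$1")
    iss=$(dn_of -issuer "$1")
    echo "subject: $subj"
    echo "issuer:  $iss"
    echo "type:    $(classify_cert "$subj" "$iss")"
    echo "state:   $(compare_fingerprints "$(fingerprint_of <"$1")" "$(served_fingerprint "$2")")"
}

# Run only where the file exists (on the ESX host itself).
if [ -r "$RUI_CRT" ]; then check_cert "$RUI_CRT" localhost; fi
```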
I can’t find any graphical way of checking this in the VI Client.
When I try this on my 5.0 esxi box, it says unknown option -text, and then lists all the options I can use (including -text!).
I’m on OpenSSL 0.9.8za 5 Jun 2014.
I had to remove -noout.
This works… "openssl x509 -in /etc/vmware/ssl/rui.crt -text"
Hey Richard Kenyan, when you copy and paste the link it changed the "-" to a "." so you will need to ensure that it says "-text" not ".text".
I had the same issue.