Renew ESXi 6 host certificate

If you are replacing your ESXi certificates with CA certificates, the best method is to make your VCSA a subordinate CA and allow it to sign certificates for the ESXi host. VMware has released a KB article on how to make your VCSA a subordinate CA.

When configured the VCSA as a subordinate CA you have to wait 24 hours before updating the ESXi host certificates. If you try to update the certificate sooner you receive an error.

ESXi host certificate renewal error

This is a safety mechanism to avoid time synchronization issues as stated in this KB article. You will also not be able to add new ESXi hosts to your inventory!

esxi_certificate_add_host_error

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s