When you install ESXi, a default certificate for the host is generated. This is a ‘self-signed’ certificate and as such will not be trusted by default in it’s communications with other systems. Because of this, in many environments, it is preferred that the default certificate is replaced with a trusted certificate from a CA (certificate authority). This could be a well-known external certificate authority or a trusted internal CA.
Log into the ESXi host as a user with root privileges
Rename the existing certificates located in /etc/vmware/ssl
Copy the new certificate and key to /etc/vmware/ssl
Rename the two new files to rui.crt and rui.key using the ‘mv’ command
Restart the host, or the hosts management agents
There are a couple of things to bear in mind with this:
ESXi supports only X.509 certificates to encrypt session information sent over SSL
If the Verify Certificates option is set then the host is likely to drop out of vCenter if the new cert is not verifiable by vCenter. In this case the host will have to be reconnected to vCenter.
<a href="http://www.vmware.com/files/pdf/techpaper/vsp_51_vcserver_esxi_certificates.pdf" target="_blank">http://www.vmware.com/files/pdf/techpaper/vsp_51_vcserver_esxi_certificates.pdf</a>
<a href="https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2015499" target="_blank">https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2015499</a>
本文轉自學海無涯部落格51CTO部落格,原文連結http://blog.51cto.com/549687/1829992如需轉載請自行聯系原作者
520feng2007
![BurpSuite2021系列(七)Repeater詳解[圖]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)