Alert: ESXi Host Certificate Status

You typically generate new certificates only if you change the host name or accidentally delete the certificate. Under certain circumstances, you must force the host to generate new certificates.

Status of ESXi certificate

It is possible to check certificate with login to ESXi:

How to regenerate new ESXi certificate?

Login via ssh to ESXi in maintenance mode:

cd /etc/vmware/ssl
mv rui.crt orig.rui.crt
mv rui.key orig.rui.key

/sbin/generate-certificates

reboot

What to do next

Consider replacing the self-signed certificate and key with a trusted certificate and key.

More info Generate New Self-Signed Certificates for ESXi

Author: Daniel Micanek

Senior Service Architect, SAP Platform Services Team at Tietoevry | SUSE SCA | vExpert ⭐⭐⭐⭐⭐ | vExpert NSX | VCIX-DCV/NV | VCAP-DCV/NV Design+Deploy | VCP-DCV/NV/CMA/TKO/DTM | NCIE-DP | OCP | Azure Solutions Architect | Certified Kubernetes Administrator (CKA)