Importing a custom SSL certificate in the vSphere UI for an ESXi host fails with the error "Cannot change the host configuration".

Article ID: 397317

Products

VMware vSphere ESXi

Issue/Introduction

Selecting Host -> Configure -> Certificate -> Manage with external CA -> Import and Replace, uploading the certificate, and then clicking Next -> Finish fails with the error "Cannot change the host configuration".

Environment

VMware vSphere 7.x.

VMware vSphere 8.x.

Cause

This issue occurs when the FQDN in the CSR or certificate does not match the actual ESXi hostname.

Resolution

Perform the following steps to resolve the issue:

    • Set the hostname to the FQDN by running the following command: esxcli system hostname set --host=<FQDN of the host>
    • Regenerate the CSR through the vSphere UI. See also the following KB: Configuring CA signed certificates for ESXi hosts
    • Replace the certificate on the ESXi host.
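
A pre-import check for the mismatch described under Cause, as an added example that is not part of the original article or of VMware's tooling: it lists the names in a PEM CSR or certificate and tests whether the host's FQDN is among them. The function names, file path and hostname are assumptions, and it needs openssl, grep and awk on the machine where the file sits.

```shell
#!/bin/sh
# Added example (not VMware code). Function names are hypothetical.

# Print the subject CN and every SAN DNS entry of a PEM CSR or certificate,
# one name per line.
pem_names() {
    if grep -q 'BEGIN CERTIFICATE REQUEST' "$1"; then
        # A CSR has no issuer, so -text yields only the subject's commonName.
        openssl req -in "$1" -noout -text -nameopt multiline
    else
        # Ask for the subject separately so the issuer CN is never picked up;
        # the default -text output abbreviates names as "CN", not "commonName".
        openssl x509 -in "$1" -noout -subject -nameopt multiline
        openssl x509 -in "$1" -noout -text
    fi 2>/dev/null | awk '
        /commonName/ { sub(/^[^=]*= */, ""); print }
        /DNS:/ {
            n = split($0, parts, ",")
            for (i = 1; i <= n; i++) {
                p = parts[i]; gsub(/^[ \t]+|[ \t]+$/, "", p)
                if (p ~ /^DNS:/) print substr(p, 5)
            }
        }'
}

# Read names on stdin; succeed if one equals the FQDN in $1.
# Comparison is case-insensitive and exact: wildcard names are not expanded.
fqdn_in_names() {
    want=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    while IFS= read -r name; do
        [ "$(printf '%s' "$name" | tr 'A-Z' 'a-z')" = "$want" ] && return 0
    done
    return 1
}

# check_cert_fqdn PEMFILE FQDN
# The FQDN to pass is the one the host reports via: esxcli system hostname get
check_cert_fqdn() {
    pem_names "$1" | fqdn_in_names "$2"
}

# Usage (placeholder path and constructed hostname):
#   check_cert_fqdn ./host-cert.pem esx01.lab.example && echo "names match"
```

A non-zero exit means neither the CN nor any SAN entry equals the FQDN, which is the condition the Resolution steps correct.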