Regenerating Self-Signed Certificates on Standalone ESXi Hosts

Article ID: 411694

Products

VMware vSphere ESXi

Issue/Introduction

This article provides the procedure to regenerate the self-signed SSL certificate on standalone VMware ESXi hosts running version 7.0 or later.
Regenerating certificates may be necessary if the existing certificate is expired, corrupted, or causing connectivity issues with management tools.

Environment

VMware ESXi 7
VMware ESXi 8

Resolution

Ensure you have administrative access to the ESXi host.
Log in to ESXi from the DCUI, or enable SSH access temporarily if it is not already enabled.

1. Log in to ESXi Host Client

   Open a web browser and connect directly to the ESXi host using the VMware Host Client. Log in with root credentials.

2. Enable SSH Service

   In the left navigation pane, select Manage > Services.
   Locate TSM-SSH (SSH service).
   

   If it is not running, click Start to enable the SSH service.

3. Connect via SSH

  Use an SSH client such as PuTTY or Windows Command Prompt to connect to the ESXi host with root credentials.

4. Regenerate Certificates

   Run the following command to generate a new self-signed certificate:


    /sbin/generate-certificates

5. Restart Management Agents

   Restart the host management services to apply the new certificate:

     /etc/init.d/hostd restart && /etc/init.d/vpxa restart

6. Repeat for Additional Hosts

If you manage multiple standalone ESXi hosts, repeat this procedure on each host as required.
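
To confirm that steps 4 and 5 took effect, the following added example (not part of the original article) compares the certificate fingerprint recorded before regeneration with the one on disk afterwards, and can also read the fingerprint the host serves on port 443. It assumes `openssl` is available where it runs; the function names are illustrative, and the path to the host's certificate file is supplied by the operator rather than taken from this article.

```shell
#!/bin/sh
# Added example, not from the original article.
# Assumptions: openssl is on PATH; certificate paths are passed in by the operator.

# Print the SHA-256 fingerprint (colon-separated hex) of a PEM certificate file.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# Print the SHA-256 fingerprint of the certificate a host serves on port 443.
# Run from a management workstation after the management agents have restarted.
served_fingerprint() {
    openssl s_client -connect "$1:443" </dev/null 2>/dev/null \
        | openssl x509 -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# check_regenerated OLD_FINGERPRINT CERT_FILE [MIN_DAYS]
# Returns 0 if CERT_FILE differs from the old certificate and stays valid for
# at least MIN_DAYS (default 30); 1 if unchanged; 2 if expired or expiring;
# 3 if the file cannot be parsed as a certificate.
check_regenerated() {
    old_fp=$1
    cert=$2
    min_days=${3:-30}

    new_fp=$(cert_fingerprint "$cert")
    if [ -z "$new_fp" ]; then
        echo "ERROR: cannot read certificate from $cert" >&2
        return 3
    fi
    if [ "$new_fp" = "$old_fp" ]; then
        echo "UNCHANGED: certificate was not replaced" >&2
        return 1
    fi
    # -checkend exits non-zero if the certificate expires within N seconds.
    if ! openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null; then
        echo "EXPIRING: certificate is not valid for $min_days more days" >&2
        return 2
    fi
    # Show the subject and validity window for the change record.
    openssl x509 -in "$cert" -noout -subject -dates
    echo "SHA256 fingerprint: $new_fp"
    return 0
}

# Typical use (placeholder path, set by the operator):
#   old=$(cert_fingerprint "<path-to-host-certificate>")   # before step 4
#   check_regenerated "$old" "<path-to-host-certificate>"  # after step 5
```

If `served_fingerprint` still returns the old value after step 5, the host is still presenting the previous certificate to clients.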