Script to Configure SSL on ESX/ESXi

I’ve had to create a bunch of SSL certificates for ESX/ESXi hosts. It’s always a pain because there are a bunch of steps and I can’t remember what my company always uses for the Organization name/Organizational unit name. I created some documentation on the process and have to look at it every time I create a certificate. It works okay, but who wants to read documentation when you can lean on a simple batch file… like this one? You just need to specify the name of the batch file and the host name of your ESX/ESXi host from a command prompt:

[cc lang="dos" width="550"]
@echo off
REM ======================================================================
REM == Script to generate SSL Certificate for ESX/ESXi host ==
REM == Usage: esx_ssl.bat hostname ==
REM == Note: On Windows 7 this script must be run from an ==
REM == elevated/administrator command prompt. ==
REM ======================================================================

set pathToOpenSSLbin=C:\OpenSSL\bin
set pathTovCLIbin=C:\Program Files\VMware\VMware vSphere CLI\bin
echo The specified ESX/ESXi host: %1

REM Generate the private key and the Certificate Signing Request (CSR)
REM 1024-bit RSA is below the 2048-bit minimum in current NIST guidance;
REM increase the size if your host and CA support it.
"%pathToOpenSSLbin%\openssl.exe" genrsa 1024 > "%pathToOpenSSLbin%\%1.key"
"%pathToOpenSSLbin%\openssl.exe" req -new -key "%pathToOpenSSLbin%\%1.key" -subj "/CN=%1/OU=Department Name/O=Company Name/L=CityName/ST=State/C=US/" > "%pathToOpenSSLbin%\rui.csr"

REM Open the Certificate Signing Request in wordpad
"%ProgramFiles%\Windows NT\Accessories\wordpad.exe" "%pathToOpenSSLbin%\rui.csr"

REM The CSR contents must be manually copied to the internal cert server
echo ======================================================================
echo The following steps must be manually completed
echo 1.) Select the contents of rui.csr and copy them to the clipboard
echo 2.) Open the certificate server site (
echo 3.) Select "Request a certificate"
echo 4.) Select "Advanced certificate Request"
echo 5.) Paste the contents of rui.csr into the saved request box
echo 6.) Select "Web Server" in the certificate template drop down
echo 7.) Save the Base 64 version of the certificate in the following path:
echo %pathToOpenSSLbin%\certnew.cer
echo ======================================================================

REM Wait until the signed certificate has been saved before continuing
pause

REM Re-write the signed certificate as host-name.cer next to the private key
"%pathToOpenSSLbin%\openssl.exe" x509 -in "%pathToOpenSSLbin%\certnew.cer" -out "%pathToOpenSSLbin%\%1.cer"

REM The password is echoed as typed and passed on the command line
set /p hostpass=Please enter the root password for %1 :

REM Upload the private key and the certificate to the host
"%pathTovCLIbin%\" --server %1 --put "%pathToOpenSSLbin%\%1.key" /host/ssl_key --username root --password "%hostpass%"
"%pathTovCLIbin%\" --server %1 --put "%pathToOpenSSLbin%\%1.cer" /host/ssl_cert --username root --password "%hostpass%"

REM Do not leave the root password in the environment of this command prompt
set hostpass=

REM Create a backup copy in case you need this SSL certificate again
REM (the share receives the private key, so limit who can read it):
copy "%pathToOpenSSLbin%\%1.key" "\\vcenter\SSL_Certificates$\%1.key" /y
copy "%pathToOpenSSLbin%\%1.cer" "\\vcenter\SSL_Certificates$\%1.cer" /y

echo Please reboot the host %1 and verify the SSL certificate.
[/cc]
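
A pre-upload check for the script above, as an added example that is not part of the original post: it confirms that the certificate returned by the CA belongs to the private key generated for the host, names that host, and has not expired, before either file is pushed to the host. It assumes the same C:\OpenSSL\bin layout and host-name.key / host-name.cer file names as the script; the file name esx_ssl_check.bat and the temp-file names are hypothetical.

```bat
@echo off
REM Added example (not from the original post): sanity-check the key and
REM certificate for a host before uploading them.
REM Usage: esx_ssl_check.bat hostname   (hypothetical file name)
setlocal
set "pathToOpenSSLbin=C:\OpenSSL\bin"
set "openssl=%pathToOpenSSLbin%\openssl.exe"
if "%~1"=="" echo Usage: %~nx0 hostname & exit /b 2

set "key=%pathToOpenSSLbin%\%~1.key"
set "cer=%pathToOpenSSLbin%\%~1.cer"
if not exist "%key%" echo Missing "%key%" & exit /b 2
if not exist "%cer%" echo Missing "%cer%" & exit /b 2

REM The RSA modulus is public and is identical in a key and in the
REM certificate issued for it, so comparing the two detects a mix-up
REM (for example a certnew.cer left over from a previous host).
"%openssl%" rsa -noout -modulus -in "%key%" > "%TEMP%\esx_key.mod"
if errorlevel 1 echo Cannot read private key "%key%" & exit /b 1
"%openssl%" x509 -noout -modulus -in "%cer%" > "%TEMP%\esx_cer.mod"
if errorlevel 1 echo Cannot parse certificate "%cer%" & exit /b 1
fc "%TEMP%\esx_key.mod" "%TEMP%\esx_cer.mod" > nul
if errorlevel 1 echo Certificate does not match the private key & exit /b 1

REM The subject must carry the host name that was put into the CSR (CN=%1).
"%openssl%" x509 -noout -subject -in "%cer%" | findstr /i /c:"%~1" > nul
if errorlevel 1 echo Certificate subject does not contain %~1 & exit /b 1

REM -checkend 0 returns a non-zero exit code if the certificate has expired.
"%openssl%" x509 -noout -checkend 0 -in "%cer%" > nul
if errorlevel 1 echo Certificate has already expired & exit /b 1

REM Show what is about to be installed, then clean up the temp files.
"%openssl%" x509 -noout -subject -issuer -dates -in "%cer%"
del "%TEMP%\esx_key.mod" "%TEMP%\esx_cer.mod"
echo OK: %~1.cer matches %~1.key
exit /b 0
```

Run it after the signed certificate has been converted to host-name.cer and before the upload step; a non-zero exit code means the files should not be pushed to the host.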
