Skip to main content

Configure or enable/disable TLS on ESXi server

  •  Login to vCenter server Appliance using root credential.
  • Go to path: /usr/lib/vmware-TlsReconfigurator/EsxTlsReconfigurator
  • To Enable TLS 1.2 only to all ESXI hosts under a cluster:

       ./reconfigureEsx vCenterCluster -c <Cluster_Name> -u <Administrative_User> -p TLSv1.2

        :Vcenter server user name for ex:administrator@vsphere.local

  • To Enable TLS 1.1,1.2 only to a specific host under the vCenter server:

    ./reconfigureEsx vCenterCluster -h <ESXI_host_Name> -u <Administrative_User> -p TLSv1.1                 TLSv1.2

     :Vcenter server user name for ex:administrator@vsphere.local

  • Reboot ESXI host to commit the protocol change.
  • verify the TLS enabled version  
        [root@R:~] openssl ciphers -v | awk '{print $2}' | sort | uniq
        SSLv3
        TLSv1.2
        [root@R:~]

 


        Comments

        Post a Comment

        Popular posts from this blog

        Deploy OVF fails Issues detected with selected template. Details: VALUE_ILLEGAL: No supported hardware versions among [virtualbox-2.2]; supported: [vmx-04, vmx-07, vmx-08, vmx-09, vmx-10, vmx-11, vmx-12, vmx-13, vmx-14, vmx-15, vmx-16, vmx-17, vmx-18, vmx-19].

         Error: While deploy using OVF file ,getting error as : Issues detected with selected template. Details: - -1:-1:VALUE_ILLEGAL: No supported hardware versions among [virtualbox-2.2]; supported: [vmx-04, vmx-07, vmx-08, vmx-09, vmx-10, vmx-11, vmx-12, vmx-13, vmx-14, vmx-15, vmx-16, vmx-17, vmx-18, vmx-19]. Solution: Open .OVF file and edit       <Info>Virtual hardware requirements for a virtual machine</Info>       <System>         <vssd:ElementName>Virtual Hardware Family</vssd:ElementName>         <vssd:InstanceID>0</vssd:InstanceID>         <vssd:VirtualSystemIdentifier>zabbix_appliance-6.2.7</vssd:VirtualSystemIdentifier>         <vssd:VirtualSystemType> virtualbox-2.2 </vssd:VirtualSystemType>       </System> to  vmx-19       <Info>Virtual hardware requireme...
        Post a Comment
        Read more

        Change ESXi acceptane level of VIBs to community Supported

        -When you install VIB bundles you may see issue like:               'Could not find a trusted signer: self signed certificate  For resolving this issue, we have to convert the ESXi to community supported acceptance level. -To do that: if  ESXI is a VM :      Edit settings ->boot option ->disable secure boot. if Physical ESXi:      Edit  UEFI Now ssh to ESXi: - Move the ESX machine to community-support esxcli software acceptance set --level=CommunitySupported - Install the bundle with no-sign-check esxcli software vib install -d  VMware_bootbank_vmware-fdm_7.0.1-16478307.vib --no-sig-check -  Set back PartnerSupported esxcli software acceptance set --level=PartnerSupported
        Post a Comment
        Read more