slideshow 6 slideshow 4 slideshow 8 slideshow 1 slideshow 2 slideshow 3 slideshow 5 slideshow 7

Script to get and set ESXi thumbprint for vSphere Management Assistant

With this simple script you can get and set the ESXi thumbprint on the vSphere Management Assistant. This is necessary starting with vSphere 6, also explained in this knowledge base article: KB2108416

To add the thumbprint you first execute a command such as esxcli -s servername system version get
This command will generate an error message containing the thumbprint. You then update the certificate with this command:

/usr/lib/vmware-vcli/apps/general/credstore_admin.pl add -s server -t thumbprint

The script I have created extracts the thumbprint from the first command and uses it in the second command.

To use the script from the vSphere Management Assistant the simplest solution is to login to the vMA and execute the following command:

wget www.vmwarebits.com/setthumb

​This will download the script file into your current folder

Next set the executable flag for the script: chmod +x setthumb

And finally execute the script:   ./setthumb

The script will report on what it is doing. I did not add all the possible error handling for all types of conditions. So you will have to interpret what's happing yourself. 

 

For your reference here is the actual script:

#!/bin/bash
# Get the ESXi server thumbprint and add it to the certificate store
# Rob Bastiaansen, October 2015
# rob@vmwarebits.com
#
echo -e 'Enter servername to set thumbprint for: \c'
read servername
echo -e 'Username: \c'
read username
echo -e 'Password: \c'
read -s password
echo 
echo "Executing command: vifp addserver $servername --authpolicy fpauth --username $username --password ********"
echo

vifp addserver $servername --authpolicy fpauth --username $username --password $password
echo
echo Attempting to connect and get ESXi version information
#Get the ESXi version. If this is returned then the server is already trusted. 
#Otherwise get the thumbprint from this output 
esxcli -s $servername system version get > /tmp/thumb.tmp
echo
if grep 'not trusted' /tmp/thumb.tmp
then
echo
echo This host is not trusted, extracting thumbprint from previous command
echo
sed 's/thumbprint: /#/g' /tmp/thumb.tmp | cut -f 2 -d "#" | cut -f 1 -d "(" > /tmp/thumb.found
echo -e 'Thumbprint found: \c'
cat /tmp/thumb.found
echo 
echo Adding thumprint with command /usr/lib/vmware-vcli/apps/general/credstore_admin.pl add -s $servername -t $(cat /tmp/thumb.found)
echo
/usr/lib/vmware-vcli/apps/general/credstore_admin.pl add -s $servername -t $(cat /tmp/thumb.found)
echo
else
#the host was already trusted, display the ESXi version information and report that it was already trusted
cat /tmp/thumb.tmp
echo
echo This host is already trusted, no further action needed
echo
fi

Follow us on LinkedIn