With this simple script you can get and set the ESXi thumbprint on the vSphere Management Assistant. This is necessary starting with vSphere 6, as explained in knowledge base article KB2108416.
To add the thumbprint you first execute a command such as esxcli -s servername system version get
This command will generate an error message containing the thumbprint. You then update the certificate with this command:
/usr/lib/vmware-vcli/apps/general/credstore_admin.pl add -s server -t thumbprint
The script I have created extracts the thumbprint from the first command and uses it in the second command.
To use the script from the vSphere Management Assistant, the simplest solution is to log in to the vMA and execute the following command:
wget www.vmwarebits.com/setthumb
This will download the script file into your current folder.
Next set the executable flag for the script: chmod +x setthumb
And finally execute the script: ./setthumb
The script will report on what it is doing. I did not add all the possible error handling for all types of conditions, so you will have to interpret what's happening yourself.
For your reference here is the actual script:
#!/bin/bash
# Get the ESXi server thumbprint and add it to the certificate store
# Rob Bastiaansen, October 2015
# rob@vmwarebits.com
#
# Use a private temporary file instead of a fixed name in /tmp and remove it on exit
thumb_tmp=$(mktemp) || exit 1
trap 'rm -f "$thumb_tmp"' EXIT

echo -e 'Enter servername to set thumbprint for: \c'
read -r servername
echo -e 'Username: \c'
read -r username
echo -e 'Password: \c'
read -rs password
echo
echo "Executing command: vifp addserver $servername --authpolicy fpauth --username $username --password ********"
echo
# Quote every variable so spaces or special characters in the input are passed through unchanged
vifp addserver "$servername" --authpolicy fpauth --username "$username" --password "$password"
echo
echo Attempting to connect and get ESXi version information
# Get the ESXi version. If this is returned then the server is already trusted.
# Otherwise get the thumbprint from this output
esxcli -s "$servername" system version get > "$thumb_tmp"
echo
if grep 'not trusted' "$thumb_tmp"
then
    echo
    echo This host is not trusted, extracting thumbprint from previous command
    echo
    # Take the text between "thumbprint: " and "(" on the "not trusted" line and strip whitespace
    thumbprint=$(sed -n '/not trusted/s/thumbprint: /#/p' "$thumb_tmp" | cut -f 2 -d "#" | cut -f 1 -d "(" | tr -d '[:space:]')
    echo "Thumbprint found: $thumbprint"
    echo
    echo "Adding thumbprint with command /usr/lib/vmware-vcli/apps/general/credstore_admin.pl add -s $servername -t $thumbprint"
    echo
    /usr/lib/vmware-vcli/apps/general/credstore_admin.pl add -s "$servername" -t "$thumbprint"
    echo
else
    # The host was already trusted, display the ESXi version information and report that it was already trusted
    cat "$thumb_tmp"
    echo
    echo This host is already trusted, no further action needed
    echo
fi
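The script above adds whatever thumbprint the host presents on first contact. As an added example (not part of the original script), the functions below parse the thumbprint from the error text, reject anything that is not a well-formed SHA-1 thumbprint, and compare it with a value obtained out-of-band before it is handed to credstore_admin.pl. The function names are hypothetical, the sample line, host name and thumbprint values are constructed, and the line format is an assumption inferred from the script's grep and sed patterns.

```shell
#!/bin/sh
# Added example: verify the presented thumbprint before trusting it.
# Assumed line format (inferred from the script's grep/sed patterns):
#   "... thumbprint: AA:BB:...:FF (not trusted)"

# Constructed sample of the esxcli error output (not captured from a real host).
SAMPLE_OUTPUT='Connect to esx01.example.test failed. Server SHA-1 thumbprint: 3A:7F:00:C1:9E:42:5B:D8:11:6A:F3:0C:88:2D:B7:E4:59:0F:A6:1D (not trusted).'
# Constructed value standing in for the thumbprint read out-of-band.
EXPECTED='3a:7f:00:c1:9e:42:5b:d8:11:6a:f3:0c:88:2d:b7:e4:59:0f:a6:1d'

# Read esxcli output on stdin and print the thumbprint in upper case.
# Fails unless it is exactly 20 colon-separated hex pairs (SHA-1), so
# truncated or unexpected text never reaches credstore_admin.pl.
extract_thumbprint() {
    tp=$(sed -n 's/.*thumbprint: \([0-9A-Fa-f:]*\) *(not trusted).*/\1/p' |
         head -n 1 | tr 'a-f' 'A-F')
    printf '%s\n' "$tp" | grep -Eq '^([0-9A-F]{2}:){19}[0-9A-F]{2}$' || return 1
    printf '%s\n' "$tp"
}

# Usage: verify_thumbprint EXPECTED < esxcli-output
# Returns 0 and prints the thumbprint on a match, 1 on mismatch, 2 if none parsed.
verify_thumbprint() {
    presented=$(extract_thumbprint) || {
        echo "no well-formed thumbprint in output" >&2
        return 2
    }
    expected=$(printf '%s' "$1" | tr 'a-f' 'A-F')
    if [ "$presented" = "$expected" ]; then
        printf '%s\n' "$presented"
    else
        echo "MISMATCH: presented $presented, expected $expected" >&2
        return 1
    fi
}

# Demo on the constructed sample.
printf '%s\n' "$SAMPLE_OUTPUT" | verify_thumbprint "$EXPECTED" >/dev/null &&
    echo "thumbprint matches the out-of-band value"
```

On the vMA, pipe the real output of esxcli -s servername system version get into verify_thumbprint and run credstore_admin.pl add only when it returns 0.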