VMWare OpenSSL fixes: what to do

VMware:
Vulnerable Products:
  • ESXi hosts
  • Windows version of vCenter Server (only Atlanta)
  • vCenter Server appliance
  • VMware Client Integration Plug-in
  • vCenter Single Sign-On VMware Directory Service
Fixes:
  • ESXi hosts
    • Verify you version installed and only upgrade to the patch specified in the following KB:
    • Running following commands to re-issue the certificate:
      • cd /etc/vmware/ssl and ls -l
      • mv rui.crt /vmfs/volumes/ATL01PRDCS01_WINBUILD_01_01/VMH04orig.rui.crt
      • mv rui.key /vmfs/volumes/ATL01PRDCS01_WINBUILD_01_01/VMH04orig.rui.key
      • /sbin/generate-certificates
      • chmod +t rui.crt
      • chmod +t rui.key
    • Change root password
    • Reboot the server
    • Reconnect host again to vCenter
  • Windows version of vCenter Server
    • Verify log on as accounts for VMware services after upgrade.  For some reason mine changed to the user as was logged in as so some plugins did not start.
  • vCenter Server appliance
    • Upgrade to latest release to patch Client Integration Plug-in.
  • vCenter Single Sign-On VMware Directory Service
    • recreate certificates (reference KB 2076692)
    • change password
  • VMware Client Integration Plug-in
    • Download from webpage and upgrade for all users accessing vCenter web client.

Good KB to subscribe too for updates on this issue:

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s