The heavens parted and then… ESXi Heartbleed patch!

Better late than never, yea? Quick Saturday post, here is how to get your host up to date real quick via SSH, generate new certs, and change the root password. Better safe than sorry, friends.

Note: This is only for ESXi 5.5 Update 1! If you are not running 5.5u1, replace ESXi-5.5.0-20140404001-standard with ESXi-5.5.0-20140401020s-standard.

This will be the quick way to do it, your environment may not let you turn on the built-in httpclient within ESXi but I am going to assume that will not be an issue. And because I am currently doing these patches on my homelab where I am the boss!

Enable SSH on your host(s) and remote in via terminal/putty

Enable the ESXi built-in httpclient:

Pull down and install the patch:

Backup your ‘old’ SSL keys:

Generate new keys and chmod them:

Reboot the host:

Once the host comes back up, SSH back in and change the root password: passwd root

That’s all there is to it. These types of security issues are no fun for anyone but it comes with the territory. Cheers!

VMware KB#2076665 – Resolving OpenSSL Heartbleed for ESXi 5.5

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.