While trying to use remote hosts as vifptarget for remote access, I kept getting thumbprint error
such as theses:
“Unable to verify the authenticity of the specified host. The SHA1 thumbprint of the cerificate is:
XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
Do you wish to proceed with connecting anyway? Choose “Yes” if you trust the host. The above information will be remembered until the host is removed from the inventory. Choose “No” to abort connecting to the host at this time.”
I am going to describe the process I used to automate (as much as possible), how I added all my hosts thumbprints to vMA credential store.
- First, open PowerCLI and list your hosts
- Get-VMHost | Get-View | Format-Table -Property Name, Name
- Now, add theses in a file named "esxcli" in VMA:
- while read LINE; do vifp addserver $LINE --username root --password **root_password** ;done<esxi
- Now, retrieve each SHA1 thumbprint, from every host, output this in a file called "out" (yes, I am quite original when it comes to file naming):
- while read SERVER; do echo -n ${SERVER}, && echo -n | openssl s_client -connect ${SERVER}:443 2>/dev/null | openssl x509 -noout -fingerprint -sha1 | awk -F= '{print $2}';done<esxi >out
- Now paste this script in a file of your choice, run chmod +x on it, and run it:
- #!/bin/sh
while read SERVER; do
STR1=$(echo $SERVER | awk -F, '{print $1}')
STR2=$(echo $SERVER | awk -F, '{print $2}')
/usr/lib/vmware-vcli/apps/general/credstore_admin.pl add -s $STR1 -T $STR2
done<out
And you are done ! I hope it help.