Troubleshooting: Cannot Add host “Authenticity of the host’s SSL certificate is not verified”.

One of my customers wanted to change the hostname of the ESXi host.
In this case, the ESXi hostname stayed the same, but it needed to become part of  a subdomain.

Changing an ESXi hostname
This can normally be easily done in the following way:

  • Migrate VMs, offline VMs and templates of the host.
  • Put it in maintenance mode;
  • Remove the dvSwitch if the host is part of one or more.
  • Remove the host from the inventory.
    • *Tip: if during the removal the vCenter says “The Resource / Port xx is in use”, then you probably have the host still attached to a dvSwitch. Check if you have moved all the vm’s of the host, and if the problem still persist. It is possible that one of your templates registered itself with a certain port on that specific host. Solution for that is converting the template to a vm and back to a template again. This way it releases the port.

After that, you go to the DCUI of the host and change the host / domain name.
A restart of the management adapters is required.
Reboot of the host isn’t necessarily required, but it is always good to do so.


After I changed the hostname, I wanted to add it back to the vCenter, but unfortunately I received the following error:

After some troubleshooting I found 2 reasons for not being able to add the host.
In my case, someone made a double DNS record, but with a different IP address.
This way it saw 2 SSL signatures, and was not able to choose which one to add.
Removing the duplicate solved my issue.

Another reason that seems to occur more often, is that the vCenter sticks to the the original SSL certification.
In the customer environment, we used certificates that are signed by the vCenter.
When adding a host with the same certificate but a different name, it can result into problems.
This is easily solved by changing the original SSL certificate with the following command.

Generate New Certificates for ESXi
You typically generate new certificates only if you change the host name or accidentally delete the certificate. Under certain circumstances, you might be required to force the host to generate new certificates.

vSphere Documentation Center


  1. Log in to the ESXi Shell and acquire root privileges.
  2. In the directory /etc/vmware/ssl, back up any existing certificates by renaming them using the following commands.
    mv rui.crt orig.rui.crt
    mv rui.key orig.rui.key

    * Note

    If you are regenerating certificates because you have deleted them, this step is unnecessary.
  3. Run the command /sbin/generate-certificates to generate new certificates.
  4. Restart the host after you install the new certificate.Alternatively, you can put the host into maintenance mode, install the new certificate, and then use the Direct Console User Interface (DCUI) to restart the management agents.
  5. Confirm that the host successfully generated new certificates by using the following command and comparing the time stamps of the new certificate files with orig.rui.crt and -la
↑↑ Follow me on my Socialz ↑↑ - Or - ↓↓ Care & Share ↓↓

2 thoughts on “Troubleshooting: Cannot Add host “Authenticity of the host’s SSL certificate is not verified”.

  1. this issue resolved for me after I found duplicate dns entry for the host. Upon removing the entry, issue resolved for me. Thank you!!

    1. Happy to hear ^_^

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.