Configure SSL Timeouts on Esxi Host

By | 05/11/2017

To authenticate against vCenter SSO, solution users uses certificates to establish a secure connection. A solution user presents the certificate to vCenter SSO in 3 cases:

  • When solution user authenticates against sso for very first time.
  • After a reboot, and
  • After a timeout has elapsed.

The timeout value can be set from the Web Client. The default value for this is 2592000 seconds (30 days). To change the default value, login to vSphere Web Client and navigate to  Administration > Single Sign-On > Configuration > Policies > Token Policy.

esxcert-11.PNG

On few blogs I read the following steps for configuring ssl timeouts. 

We can configure SSL timeouts for ESXi by editing a configuration file on the ESXi host.

Timeout periods can be set for 2 types of idle connections:

1: The Read Timeout setting applies to connections that have completed the SSL handshake process with port 443 of ESXi.

2: The Handshake Timeout setting applies to connections that have not completed the SSL handshake process on port 443 of ESXi.

Both connection timeouts are set in milliseconds. Idle connections are disconnected after the timeout period. By default, fully established SSL connections have a timeout of infinity.

I am running  vSphere 6.0 U3 in my lab and I can’t find the readTimeoutMS and handshakeTimeoutMs fields in config.xml file. 

I hope you find this post informational. Feel free to share this on social media if it is worth sharing. Be sociable 🙂

Category: VMware

About Alex Hunt

Hi All I am Manish Jha. I am currently working in OVH US as Operations Support Engineer (vCloud Air Operations). I have around 7 Years of IT experience and have exposure on VMware vSphere, vCloud Director,vSphere Replication, vRealize Automation, NSX and RHEL. If you find any post informational to you please press like and share it across social media and leave your comments if you want to discuss further on any post. Disclaimer: All the information on this website is published in good faith and for general information purpose only. I don’t make any warranties about the completeness, reliability and accuracy of this information. Any action you take upon the information you find on this blog is strictly at your own risk. The Views and opinions published on this blog are my own and not the opinions of my employer or any of the vendors of the product discussed.