I'm in the exact same situation and I've spent two days looking for a solution with no luck. I thought I'd bump this thead rather than create an identical question myself.
Some details on the test rig:
- single bare metal host running ESXi 6.7
- single PC acting as a client (Win 10), running Chrome web browser and connecting to the host by typing in the host IP address in the browser
- no vCenter and no other VMWare products are installed
On the host I've renamed it to "server3", then ran a command from ssh shell to regenerate the ssl certs, so they look fine if I view them in the web client (CN=server3).
After typing in the IP address of the host I get the usual certificate invalid error, I pick the option to continue to the login screen, then right click on the web browser address field where it says "Invalid certificate", then choose copy cert contents to file, then save that as a .crt file, then I install this in the Trusted Root Authority folder. I've also tried running an WinSCP session and copied over the original host cert "rui.crt" and installed that as well, although I'm fairly sure it's the same cert. With those two installed I still get the invalid cert message, but it now says:
"The issuer of this certificate could not be found"
Which makes sense as the issuer is actually unknow, but I've got no idea what to do to make this work. Is it even possible to resolve without moving over to my own self signed certs? I've logged a ticket with VMware, but I'm fairly sure they'll just come back with a load of unrelated info, or send me links to articles which mention a solution for when you are using vCenter. Every single tutorial I've found suggests going over to the vCenter webpage, then picking the link for "download certs", but of course if you haven't got vCenter, you're not going to get those links.
Rgrds,
T.