VMware vSphere

How do I install a SSL intermediate/chain certificate in ESXi 7?

  • 1.  How do I install a SSL intermediate/chain certificate in ESXi 7?

    Posted Mar 04, 2023 12:46 PM

    I have applied my own SSL certificate to my ESXi host using the default names rui.crt and rui.key. The site is SSL'd but upon verification through SSL Checker, I am missing my intermediate/chain certificate (typically a .pem or .pfx).

    I see that ESXi has both a default castore.pem and iofiltervp.pem but no "rui.pem" to go with the rui.crt and rui.key.

    How do I install my intermediate/chain certificate into /etc/vmware/ssl (into the ESXi certificate store) and what do I name it? Is there a config file I need to modify to point to my intermediate/chain cert like found in Apache's mod_ssl /etc/httpd/conf.d/certs ssl.conf file?

    Thank you.



  • 2.  RE: How do I install a SSL intermediate/chain certificate in ESXi 7?

    Posted Mar 05, 2023 03:05 AM

    To install your intermediate/chain certificate into the ESXi certificate store, follow these steps:

    1. Log in to your ESXi host using SSH or the ESXi Shell.

    2. Navigate to the /etc/vmware/ssl directory.

    3. Create a new file using your preferred text editor and copy and paste the contents of your intermediate/chain certificate into it.

    4. Save the file with a descriptive name, such as chain.crt.

    5. Run the following command to import the intermediate/chain certificate into the ESXi certificate store:

       (screenshot: adanmohamed2018_1-1677985301345.png)

    6. This will create a new file named chain.pem that contains the intermediate/chain certificate in PKCS#7 format.

    7. Move the chain.pem file to the /etc/vmware/ssl directory.

    8. Rename the rui.crt file to rui.old and rename the chain.pem file to rui.crt:

       (screenshot: adanmohamed2018_0-1677985238635.png)

    9. Restart the hostd service using the following command:

       (screenshot: adanmohamed2018_2-1677985427591.png)

    10. This will reload the SSL certificate with the intermediate/chain certificate included.

      After completing these steps, you should be able to verify that your intermediate/chain certificate is included by checking the SSL certificate with a tool such as SSL Checker.
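
A local way to check whether a PEM file carries the intermediate, without relying on an external checker. This is an added example, not part of the original thread. It builds a constructed root, intermediate and leaf with openssl (all subject names and file names are assumptions), then compares a leaf-only file with a leaf-plus-intermediate bundle.

```shell
#!/bin/sh
# Constructed test PKI (root -> intermediate -> leaf); every name here is made up.
# Assumes the openssl command-line tool is on PATH with its stock openssl.cnf.
W=$(mktemp -d)

make_pki() {
  # Self-signed root (the stock openssl.cnf marks req -x509 output as a CA).
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Example Root" \
    -keyout "$W/root.key" -out "$W/root.crt" 2>/dev/null
  # Intermediate: signed by the root, must carry CA:TRUE to issue certificates.
  printf 'basicConstraints=critical,CA:TRUE\n' > "$W/ca.ext"
  openssl req -newkey rsa:2048 -nodes -subj "/CN=Example Intermediate" \
    -keyout "$W/int.key" -out "$W/int.csr" 2>/dev/null
  openssl x509 -req -in "$W/int.csr" -CA "$W/root.crt" -CAkey "$W/root.key" \
    -CAcreateserial -extfile "$W/ca.ext" -days 2 -out "$W/int.crt" 2>/dev/null
  # Leaf: signed by the intermediate, as a host certificate would be.
  openssl req -newkey rsa:2048 -nodes -subj "/CN=esxi.example.test" \
    -keyout "$W/leaf.key" -out "$W/leaf.csr" 2>/dev/null
  openssl x509 -req -in "$W/leaf.csr" -CA "$W/int.crt" -CAkey "$W/int.key" \
    -CAcreateserial -days 2 -out "$W/leaf.crt" 2>/dev/null
}

# Number of certificates in a PEM file.
count_certs() { grep -c -- '-----BEGIN CERTIFICATE-----' "$1"; }

# Verify the first certificate in bundle $2 against trusted root $1, treating the
# bundle's other certificates as untrusted intermediates.
chain_ok() { openssl verify -CAfile "$1" -untrusted "$2" "$2" >/dev/null 2>&1; }

make_pki
cp "$W/leaf.crt" "$W/leaf_only.pem"                   # leaf only
cat "$W/leaf.crt" "$W/int.crt" > "$W/fullchain.pem"   # leaf first, then intermediate

for f in leaf_only fullchain; do
  if chain_ok "$W/root.crt" "$W/$f.pem"; then r="chain verifies"; else r="chain incomplete"; fi
  echo "$f.pem: $(count_certs "$W/$f.pem") certificate(s), $r"
done
```

To check a real file, call chain_ok with the issuing root certificate as the first argument and the PEM file under test as the second.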