Configuration details | - Log in with root.
- Go to Manage > Security & Users > Certificates.
- Select Import new Certificate > Generate FQDN request.
- Copy and paste FQDN request into a text file and rename it with the .csr extension.
- Send file over to CA host so the CA can sign it.
Note: Users can add the IP address of the ESXi host to the Subject Alternate Name to allow secure connections by specifying the FQDN (set to the CN) or the IP (set to the SAN). - Send back signed cert in .pem format (Base64 ASCII encoded).
- Open the certificate file with a text editor such as Notepad.
- Back in ESXi under root privilege, go to Manage > Security & Users > Certificates.
- Select Import new Certificate.
- Copy and paste the .pem content into an empty box and select Import.
|
Verification steps | - Log out of ESXi and close the browser.
- Ensure CA root cert is a trusted root certificate by browser.
- Go to ESXI and log in with root.
- Go to Manage > Security & Users > Certificates.
- The Issuer row should have the name of the CA.
|
Helpful tips | To import custom CA signed certificates into ESXi when managed by vCenter, follow this procedure: Certificate Mode Switch Workflows. This may cause disruptions and have certain requirements, such as temporarily disconnecting ESXi from vCenter. |