Cert for ESXi

To generate a certificate request for an ESXi 6.0 host:

1. Open a command prompt and navigate to the OpenSSL directory as previously configured in the Configuring OpenSSL article. By default this is  C:OpenSSL-Win32bin.

2. Run the command:

   openssl req -new -nodes -out rui.csr -keyout rui-orig.key

   This creates the certificate request rui.csr.

3. Convert the Key to be in RSA format by running these command:

   openssl rsa -in rui-orig.key -out rui.key

Installing and configuring the certificate on the ESXi host

After the certificate is created, complete the installation and configuration of the certificate on the ESXi 6.0 host:

1. Navigate to the console of the server to enable SSH on the ESXi 6.0 host.

2. Log in to the host and then navigate to /etc/vmware/ssl.

3. Copy the files to a backup location, such as a VMFS volume.

4. Log in to the host with WinSCP or login locally (my preferred method) and navigate to the /etc/vmware/ssl directory.

5. Delete the existing  rui.crt and  rui.key from the directory.

6. Copy the newly created  rui.crt and  rui.key or create them using vi (again my preferred method, I also at the intermediate cert to the .crt file) to the directory using Text Mode or ASCII mode to avoid the issue of special characters (  ^M) appearing in the certificate file.

7. Type vi rui.crt to validate that there are no extra characters.

   Note: There should not be any erroneous  ^M characters at the end of each line.

8. Restart the management agents

   /etc/init.d/hostd restart

   /etc/init.d/vpxa restart