I plan to replace the default certificate on an ESXi 5.1 host with a commercial one that was signed by an intermediate Root CA. As far as I know with ESXi 5.0 it was not possible to include the intermediate cert with the server cert on the host (to eliminate the need to roll out the intermediate cert on any client that would connect to the host).
Does someone know if that changed in ESXi 5.1?
To answer my own question: It works well with ESXi 5.1.
Just add the intermediate certificate to /etc/vmware/ssl/rui.crt after the server cert.
I tested the followong clients/browsers:
- vSphere Client on Windows 7
- IE8 and IE9 on Windows
- Safari and Chrome on iPad/iOS 6.0
- Internal browser, Chrome and Firefox on Android 4.0