I have applied my own SSL certificate to my ESXi host using the default names rui.crt and rui.key. The site is SSL'd but upon verification through SSL Checker, I am missing my intermediate/chain certificate (typically a .pem or .pfx).
I see that ESXi has both a default castore.pem and iofiltervp.pem but no "rui.pem" to go with the rui.crt and rui.key.
How do I install my intermediate/chain certificate into /etc/vmware/ssl (into the ESXi certificate store) and what do I name it? Is there a config file I need to modify to point to my intermediate/chain cert, like the one found in Apache's mod_ssl /etc/httpd/conf.d/certs ssl.conf file?
Thank you.
To install your intermediate/chain certificate into the ESXi certificate store, follow these steps:
Log in to your ESXi host using SSH or the ESXi Shell.
Navigate to the /etc/vmware/ssl directory.
Create a new file using your preferred text editor and copy and paste the contents of your intermediate/chain certificate into it.
Save the file with a descriptive name, such as chain.crt.
Run the following command to import the intermediate/chain certificate into the ESXi certificate store:
This will create a new file named chain.pem that contains the intermediate/chain certificate in PKCS#7 format.
Move the chain.pem file to the /etc/vmware/ssl directory.
Rename the rui.crt file to rui.old and rename the chain.pem file to rui.crt:
Restart the hostd service using the following command:
This will reload the SSL certificate with the intermediate/chain certificate included.
After completing these steps, you should be able to verify that your intermediate/chain certificate is included by checking the SSL certificate with a tool such as SSL Checker.
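A local counterpart to the SSL Checker test, added here as an example and not part of the original answer: it counts the certificates in a PEM bundle and checks that each one is issued by the certificate that follows it, which is the order a TLS server sends them in (leaf first, then intermediates). The function names and the file names ca.crt, leaf.crt, fullchain.pem and reversed.pem are assumptions, and the certificates are throwaway ones generated for the demonstration.

```shell
# Checks ordering by name only (issuer of cert N == subject of cert N+1);
# it does not validate signatures, expiry or trust.

# Split PEM bundle $1 into $2/cert-1.pem, cert-2.pem, ...; print the count.
split_bundle() {
    awk -v dir="$2" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/cert-" n ".pem" }
        out != ""                     { print > out }
        /-----END CERTIFICATE-----/   { close(out); out = "" }
        END                           { print n + 0 }' "$1"
}

# Return 0 if every certificate in bundle $1 was issued by the one after it.
chain_in_order() {
    tmp=$(mktemp -d) || return 2
    n=$(split_bundle "$1" "$tmp")
    i=1; rc=0
    while [ "$i" -lt "$n" ]; do
        issuer=$(openssl x509 -noout -issuer_hash -in "$tmp/cert-$i.pem")
        subject=$(openssl x509 -noout -subject_hash -in "$tmp/cert-$((i + 1)).pem")
        [ "$issuer" = "$subject" ] || { rc=1; break; }
        i=$((i + 1))
    done
    rm -rf "$tmp"
    return "$rc"
}

# Constructed test data in directory $1: a throwaway issuing CA (standing in
# for the intermediate) and a leaf certificate signed by it.
make_demo_chain() {
    ( cd "$1" &&
      openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
          -subj "/CN=Constructed Issuing CA" -keyout ca.key -out ca.crt &&
      openssl req -newkey rsa:2048 -nodes \
          -subj "/CN=esxi.example.test" -keyout leaf.key -out leaf.csr &&
      openssl x509 -req -in leaf.csr -CA ca.crt -CAkey ca.key \
          -set_serial 2 -days 1 -out leaf.crt ) >/dev/null 2>&1
}

demo=$(mktemp -d)
make_demo_chain "$demo"
cat "$demo/leaf.crt" "$demo/ca.crt" > "$demo/fullchain.pem"
cat "$demo/ca.crt" "$demo/leaf.crt" > "$demo/reversed.pem"
for f in leaf.crt fullchain.pem reversed.pem; do
    count=$(split_bundle "$demo/$f" "$demo")
    if chain_in_order "$demo/$f"; then order=ok; else order=WRONG; fi
    echo "$f: $count certificate(s), order $order"
done
rm -rf "$demo"
```

A count of 1 corresponds to the situation in the question: only the leaf certificate is present, so a client that does not already hold the intermediate cannot build the chain.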
