1. I log into freshly deployed vSphere Client 7.0 Web GUI: https://myvsphereclient.mydomain.co.uk/ui/
2. Go to Administration -> Certificates -> Certificate Management -> Machine SSL Certificate -> Actions -> Import and Replace Certificate
3. Choose "Replace with external CA certificate (requires private key)" -> NEXT
4. Browse to and upload our wildcard multidomain SAN certificate files issued by Sectigo. We happily use the same certificate for dozens of subdomains in dozens of different places including https://www.matrixscience.com
5. Machine SSL Certificate -> cert.crt
6. Chain of trusted root certificates -> ssl-bundle.crt
7. Private Key -> keyfile.key
8. Click REPLACE
"Error occurred while fetching tls: Invalid input certificate : The Subject of the provided certificate does not contain the correct CN value"
Same error when uploading files in .pem format.
What is it complaining about?
How do I fix it, i.e. replace the self-signed default SSL certificate with our own (without issuing a brand-new certificate)?
https://kb.vmware.com/s/article/2112277
VMware does not support wildcards. What I did is just use our internal CA to create my certificate.
--Alan
Slight edit: from the KB article: "VMware does not support the use of wildcard certificates on the vCenter Server." (https://kb.vmware.com/s/article/2112277)
However, standalone ESXi servers *do* support the use of wildcard certs.
https://kb.vmware.com/s/article/56441
My first time I was also very nervous 🙂 I did not change it properly.
Also check this article:
https://virtualblog.nl/2020/10/26/vmware-vcenter-replace-machine-certificate-with-custom-ca/
Maybe you missed something.
Thanks for that clarification re: ESXi vs vCenter. I first did all my ESXi hosts, got them secured, and only vCenter was annoying me. I spent the better part of a day manually setting/copying certs, failing at the GUI, discovering /usr/lib/vmware-vmca/bin/certificate-manager, and finally hitting the "no wildcards" error string... which made zero sense since I'd just used wildcards on the very host vCenter is running on. So annoying.
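A pre-flight check for the rejection described in this thread, added here as an example and not part of the original posts or of VMware's tooling: it pulls the Subject CN and SAN entries out of the file with the `openssl x509` CLI (assumed to be OpenSSL 1.1.1 or newer, which understands `-ext subjectAltName`) and reports a wildcard CN, a wildcard SAN, or a CN that differs from the vCenter FQDN before the file is uploaded in the GUI.

```python
"""Pre-flight checks for a vCenter Machine SSL certificate replacement.

Assumptions (constructed example): the certificate is inspected with the
`openssl x509` command line tool, and the vCenter FQDN passed in is the name
the certificate CN must carry. Pure-Python parsing keeps the checks testable
without a real certificate file.
"""
import re
import subprocess
import sys
from typing import List, Optional


def parse_subject_cn(subject_line: str) -> Optional[str]:
    """Extract the CN from `openssl x509 -noout -subject` output.
    Handles both 'subject=CN = x, O = y' and the older 'subject= /O=y/CN=x'."""
    match = re.search(r"CN\s*=\s*([^,/]+)", subject_line)
    return match.group(1).strip() if match else None


def parse_san_dns(san_text: str) -> List[str]:
    """Extract DNS entries from `openssl x509 -noout -ext subjectAltName` output."""
    return [name.strip() for name in re.findall(r"DNS:\s*([^,\s]+)", san_text)]


def check_vcenter_cert(cn: Optional[str], san_dns: List[str], vcenter_fqdn: str) -> List[str]:
    """Return a list of reasons the vCenter GUI would reject this certificate."""
    findings = []
    if cn is None:
        findings.append("Subject has no CN at all")
    elif cn.startswith("*."):
        findings.append(f"Subject CN '{cn}' is a wildcard; vCenter Server does not accept wildcard certificates")
    elif cn.lower() != vcenter_fqdn.lower():
        findings.append(f"Subject CN '{cn}' does not match the vCenter FQDN '{vcenter_fqdn}'")
    wildcards = [name for name in san_dns if name.startswith("*.")]
    if wildcards:
        findings.append(f"SAN contains wildcard entries: {', '.join(wildcards)}")
    return findings


def inspect_certificate(cert_path: str, vcenter_fqdn: str) -> List[str]:
    """Run openssl against a PEM/CRT file and return the findings for it."""
    def openssl(*args: str) -> str:
        return subprocess.run(["openssl", "x509", "-in", cert_path, "-noout", *args],
                              capture_output=True, text=True, check=True).stdout
    cn = parse_subject_cn(openssl("-subject"))
    san = parse_san_dns(openssl("-ext", "subjectAltName"))
    return check_vcenter_cert(cn, san, vcenter_fqdn)


if __name__ == "__main__":
    # usage: python check_cert.py cert.crt myvsphereclient.mydomain.co.uk
    problems = inspect_certificate(sys.argv[1], sys.argv[2])
    print("\n".join(problems) if problems else "certificate CN/SAN look acceptable for vCenter")
```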