To generate a certificate request for an ESXi 6.0 host:
- Open a command prompt and navigate to the OpenSSL directory as previously configured in the Configuring OpenSSL article. By default this is C:\OpenSSL-Win32\bin.
- Run the command:
openssl req -new -nodes -out rui.csr -keyout rui-orig.key
This creates the certificate request rui.csr.
- Convert the key to RSA format by running this command:
openssl rsa -in rui-orig.key -out rui.key
Installing and configuring the certificate on the ESXi host
After the certificate is created, complete the installation and configuration of the certificate on the ESXi 6.0 host:
- Navigate to the console of the server to enable SSH on the ESXi 6.0 host.
- Log in to the host and then navigate to /etc/vmware/ssl.
- Copy the files to a backup location, such as a VMFS volume.
- Log in to the host with WinSCP or log in locally (my preferred method) and navigate to the /etc/vmware/ssl directory.
- Delete the existing rui.crt and rui.key from the directory.
- Copy the newly created rui.crt and rui.key to the directory, or create them using vi (again my preferred method; I also add the intermediate cert to the .crt file). If copying, use Text Mode or ASCII mode to avoid the issue of special characters (^M) appearing in the certificate file.
- Type vi rui.crt to validate that there are no extra characters.
Note: There should not be any erroneous ^M characters at the end of each line.
- Restart the management agents:
/etc/init.d/hostd restart
/etc/init.d/vpxa restart
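
The checks from the steps above can be scripted and run before restarting the management agents. This is an added example, not part of the original procedure: the function names are hypothetical, and it assumes openssl is available in the shell where it runs and that the host certificate is the first one in rui.crt, with any intermediate appended after it.

```shell
#!/bin/sh
# Added example: pre-restart checks for the ESXi SSL directory (not from the original page).
SSL_DIR="${SSL_DIR:-/etc/vmware/ssl}"

# Return 0 if the file contains any carriage return (shown as ^M in vi).
has_cr() {
    cr=$(printf '\r')
    grep -q "$cr" "$1"
}

# Count PEM certificates in a file (host certificate plus appended intermediates).
count_certs() {
    grep -c -e '-----BEGIN CERTIFICATE-----' "$1"
}

# Return 0 if the first certificate in $1 and the RSA key in $2 share a modulus.
cert_matches_key() {
    c=$(openssl x509 -noout -modulus -in "$1") || return 2
    k=$(openssl rsa -noout -modulus -in "$2") || return 2
    [ "$c" = "$k" ]
}

# Run all checks; returns 0 only if the files look ready for the agent restart.
check_ssl_dir() {
    dir="$1"; rc=0
    for f in "$dir/rui.crt" "$dir/rui.key"; do
        [ -s "$f" ] || { echo "FAIL: $f missing or empty"; rc=1; continue; }
        if has_cr "$f"; then echo "FAIL: $f contains ^M (CR) characters"; rc=1; fi
    done
    [ "$rc" -eq 0 ] || return "$rc"
    echo "INFO: rui.crt holds $(count_certs "$dir/rui.crt") certificate(s)"
    if cert_matches_key "$dir/rui.crt" "$dir/rui.key"; then
        echo "OK: certificate and key match"
    else
        echo "FAIL: rui.crt does not match rui.key"; rc=1
    fi
    return "$rc"
}

# Only run when called with "check", so the functions can also be sourced.
if [ "${1:-}" = "check" ]; then
    check_ssl_dir "${2:-$SSL_DIR}"
fi
```

Saved under a name such as check_rui.sh (hypothetical), it is run as `sh check_rui.sh check`; a non-zero exit status means the backup copies should stay in place until the reported problem is fixed.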