How to assign CA certificates on ESXi host?

How to generate custom CA Signed Certificate in ESXi Host?

Recently, we encountered an interesting task for generating custom CA “Signed Certificate” for ESXi 6.X host. Our customers were struggling for so long but now we are quite happy and confident to release this article for our customers to sort out their issues.

Prior to it, our customers face a lot of issues in using VM console via our VMware Module. In order to make it in work, there is a need for CA certificates. This is the basic requirement of our module. You need to follow some steps to install “CA certificates” on the ESXi host so that our customers are able to use the VM console via our WHMCS VMware Module.

This article will guide you to reduce the risk of misconfiguration or common issues faced during the certificate implementation. You would be able to replace the ESXi SSL custom certificate.

So, when you add the ESXi host even in the case you have installed custom CA certificate, then the Vcenter replace their own SSL  by default. Therefore, this article will help you to shun this problem. 

Let us check out the process:

There is a total of two ways to generate the custom CA Certificate. 

a. The first one is you can create CA Certificate from your Windows Computer if you do have good window administrator knowledge.

b. For the second one, you need to go through this following video:

Check out the following requirements for the installation of the custom CA Certificate on your ESXi 6.x Host. Before attempting these steps ensure that:

  1. You must have Vcenter 6.x version.
  2. You have followed the steps in Creating a Microsoft Certificate Authority Template for SSL certificate creation in vSphere 6.0 (2112009).
  3. You have installed SSH Terminal  (Putty) on your system.
  4. You have an SFTP/SCP client (such as WinSCP) installed.