You can use third-party applications to upload certificates and keys. Applications that support HTTPS PUT operations work with the HTTPS interface that is included with ESXi.

Before you begin

  • If you want to use third-party CA-signed certificates, generate the certificate request, send it to the certificate authority, and store the certificates on each ESXi host.

  • If necessary, enable the ESXi Shell or enable SSH traffic from the vSphere Web Client. See the vSphere Security publication for information on enabling access to the ESXi Shell.

  • All file transfers and other communications occur over a secure HTTPS session. The user account that authenticates the session must have the Host > Config > AdvancedConfig privilege on the host. See the vSphere Security publication for information on assigning privileges through roles.

Procedure

  1. Back up the existing certificates.
  2. In your upload application, process each file as follows:
    1. Open the file.
    2. Publish the file to one of these locations.

      Option          Description
      Certificates    https://hostname/host/ssl_cert
      Keys            https://hostname/host/ssl_key

    The locations /host/ssl_cert and /host/ssl_key link to the certificate files in /etc/vmware/ssl.

  3. Restart the host.
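
Step 2 as a small Python upload client, added here as an example (it is not VMware's code): it chooses the upload location from the PEM label, so a private key is never sent to the certificate location, and it sends the PUT over a TLS session that verifies the host. The host name, credentials and the use of HTTP Basic authentication are assumptions, and the sample PEM is constructed placeholder data.

```python
import base64
import re
import ssl
import urllib.request

# Upload locations from the procedure above.
TARGETS = {"cert": "/host/ssl_cert", "key": "/host/ssl_key"}
PEM_RE = re.compile(rb"-----BEGIN ([A-Z ]+)-----(.+?)-----END \1-----", re.S)

def classify_pem(data: bytes) -> str:
    """Return 'cert' or 'key' from the PEM label; reject anything else."""
    m = PEM_RE.search(data)
    if m is None:
        raise ValueError("not a PEM file")
    base64.b64decode(b"".join(m.group(2).split()), validate=True)
    label = m.group(1).decode()
    if label == "CERTIFICATE":
        return "cert"
    if label.endswith("PRIVATE KEY"):
        return "key"
    raise ValueError(f"unexpected PEM type: {label}")

def build_put(hostname: str, data: bytes, user: str, password: str):
    """Build the PUT request; the URL is chosen by content, not by file name."""
    url = f"https://{hostname}{TARGETS[classify_pem(data)]}"
    req = urllib.request.Request(url, data=data, method="PUT")
    # Assumption: HTTP Basic authentication (the page does not name the scheme).
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req.add_header("Authorization", f"Basic {token}")
    return req

def upload(req, cafile: str) -> int:
    """Send over verified TLS; cafile must validate the host's current certificate."""
    ctx = ssl.create_default_context(cafile=cafile)
    with urllib.request.urlopen(req, context=ctx, timeout=30) as resp:
        return resp.status

def sample_pem(label: str) -> bytes:
    """Constructed placeholder PEM (not real key material) for a dry run."""
    body = base64.encodebytes(b"constructed sample " * 4).decode()
    return f"-----BEGIN {label}-----\n{body}-----END {label}-----\n".encode()

if __name__ == "__main__":
    # Dry run: build both requests without sending them.
    for label in ("CERTIFICATE", "PRIVATE KEY"):
        req = build_put("esxi01.example.test", sample_pem(label), "admin", "placeholder")
        print(req.get_method(), req.full_url)
```

Call upload() only after the backup in step 1 is in place; a file that is not a certificate or private key PEM (for example a certificate request) is rejected before any connection is made.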

What to do next

Update the vCenter Server TRUSTED_ROOTS store. See Update the vCenter Server TRUSTED_ROOTS Store (Custom Certificates).