You can use third-party applications to upload certificates and key. Applications that support HTTPS PUT operations work with the HTTPS interface that is included with ESXi.


  • If you want to use third-party CA-signed certificates, generate the certificate request, send it to the certificate authority, and store the certificates on each ESXi host.

  • If necessary, enable the ESXi Shell or enable SSH traffic from the vSphere Web Client.

  • All file transfers and other communications occur over a secure HTTPS session. The user who is used to authenticate the session must have the privilege Host > Config > AdvancedConfig on the host.


  1. Back up the existing certificates.
  2. In your upload application, process each file as follows:
    1. Open the file.
    2. Publish the file to one of these locations.







    The location /host/ssl_cert and host/ssl_key link to the certificate files in /etc/vmware/ssl.

  3. Restart the host.

What to do next

Update the vCenter Server TRUSTED_ROOTS store. See Update the vCenter Server TRUSTED_ROOTS Store (Custom Certificates).