When you log in to an ESXi host by using the VMware Host Client, you can view the certificate details of your host, such as the issuer and the validity period, and you can also import new certificates.

View Certificate Details for an ESXi Host in the VMware Host Client

You can use the certificate information for debugging.

Procedure

  1. Click Manage in the VMware Host Client inventory and click Security & Users.
  2. Click Certificates.
    You can view the following certificate details.
    Field Description
    Issuer The issuer of the certificate.
    Not valid after Date on which the certificate expires.
    Not valid before Date on which the certificate is generated.
    Subject The subject used during certificate generation.

Import a New Certificate for an ESXi Host in the VMware Host Client

You can import a certificate from a trusted certificate authority when you are logged in to an ESXi host with the VMware Host Client.

Procedure

  1. Click Manage in the VMware Host Client inventory and click Security & Users.
  2. Click Certificates and click Import new certificate.
  3. Generate a certificate signing request:
    Option Description
    Generate FQDN signing request
    • Click Generate FQDN signing request, click the Copy to clipboard button, and click Close.
    • To generate the signed certificate, pass the certificate signing request to the certificate authority (CA).
    • In the Certificate text box, paste the generated signed certificate in PEM format and click Import.
    Generate IP signing request
    • Click Generate IP signing request, click the Copy to clipboard button, and click Close.
    • To generate the signed certificate, pass the certificate signing request to the CA.
    • In the Certificate text box, paste the generated signed certificate in PEM format and click Import.
    You do not have to import the certificate immediately. To make sure that you can use the signed certificate, do not restart the host between generating the certificate signing request and importing the certificate.

    The certificate signing request is then passed to the certificate authority to generate the official certificate.

    An FQDN request has the fully qualified host name of the host in the resulting common name field of the certificate. The IP signing request has the current IP address of the host in the common name field.