This means that the certificate is valid only for this domain name :. the common name (CN) of the certificate :.the domain name : informatiweb.lan (DC=informatiweb,DC=lan).the name of the certificate authority that signed the certificate : InformatiWeb CA.
Now, VMware ESXi recognizes your new certificate and displays some information : Inside, you will find a text with these two lines "-BEGIN CERTIFICATE-" and "-END CERTIFICATE-".Ĭopy the entire text into the ESXi web client and click "Import". To import the certificate on your ESXi server, you will need to open the PEM certificate with notepad. Once converted, you will have 2 certificates : Note : "C:\Users\InformatiUser\Downloads" corresponds to the "Downloads" folder of our "InformatiUser" user where the certificate is in CER format.
Openssl x509 -inform der -in C:\Users\InformatiUser\Downloads\certnew.cer -out C:\Users\InformatiUser\Downloads\certnew.pem Then, open a command prompt (cmd) and type this :
To do this, download OpenSSL for Windows, then unzip the downloaded file and copy the contents of the "bin" folder to : C:\OpenSSL (which you must create beforehand) To be able to use it with your ESXi server (which is based on the Linux distribution : Red Hat), you will need to convert it to PEM format (Linux format).
Then, download the certificate that is generated by the CA that you are using.īecause we have used a certification authority created under Windows Server, our certificate is in CER format. Note : if you have a certification authority under Windows Server in your network, you will also need to select the "Web Server" certificate template before clicking Send. Then, go to the site of the desired certification authority and paste this certificate request. If this confirmation appears, click "Allow access". Note that this one has been encoded in base 64. Your ESXi server has created the Certificate Request (CSR). To create the certificate request, simply go to "Security & Users -> Certificates" and click on "Import new certificate".Ĭlick on "Generate FQDN signing request". To secure your ESXi server with a SSL certificate, you only need to generate the certificate request from the web client and submit this certificate request (CSR) to a trusted CA. Securing the ESXi server with a valid SSL certificate Note : the PTR record allows you to create the reverse record (IP to domain name) in the reverse lookup area of your DNS server.ĥ.
To be able to access your ESXi server from its domain name, you must obviously add a record in your local DNS server so that the "" domain name points to the IP address of your ESXi server. Nevertheless, we will add our domain name in the "Domain name" and "Search domains" boxes. Some informations are already configured, as we configured it from the ESXi console.