Updating the SSL Certificate for your host
Should you change your host's hostname or domain after an install, the SSL certificate for the host will still be issued to localhost.localdomain. You can either regenerate a self-signed certificate for your ESXi host or replace the certificate from one generated by a certificate authority.
Regenerate your host's self-signed certificate
Replace the host's certificate with one generated by a certificate authority
The below steps used OpenSSL which can be downloaded from here and a Microsoft Windows 2003 Server Certificate Authority.1) Download and install OpenSSL from the link provided. If you've using Linux, your host may already have the OpenSSL package. If you are using Windows, you may also need to download the Microsoft Visual C++ 2008 Redistributable Package.
2) Generate a new private key with the command openssl genrsa 1024 > rui.key.
3) Create a new certificate request by running the command openssl req -new -key rui.key > rui.csr. A wizard will run and prompt you for information for the certificate request.
4) Open the rui.csr file with a text editor and copy the contents. If using Windows, avoid using Notepad as it may insert extra characters into the copied text.
5) Open the certificate request page for your Windows 2003 CA server. This is typically http://<hostname>/certsrv.
6) Click on the "Request a Certificate" link followed by the "advanced certificated request" link on the Request a Certificate page.
7) Select the link "Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file."
8) On the certificate request page enter the text from the rui.csr file and change the Certificate Template to Web Server. Then click Submit.
9) On the certificate issued page, select the "Based 64 encoded" option and then download the certificate to your PC
10) Run the command on the certificate that you downloaded: openssl x509 -in certnew.cer -out esx.cer.
11) Copy the private key and certificate to your ESXi host with the following RCLI commands
vifs.pl --server esx05.mishchenko.net --put rui.key /host/ssl_key
vifs.pl --server esx05.mishchenko.net --put esx.cer /hest/ssl_cert
12) Restart the ESXi and verify that the certificate has been installed correctly. If there is a problem with the certificate, you may not be able to login to the host with the VI client. If that's the case, then run /sbin/create_certificates at the console and reboot the host.