I have a standalone ESXi 6.5 host with a generic installation.
The generic installation uses self-signed certificates, which give the typical "there is a problem with this certificate..." error message.
so for laughs and giggles, I want to replace the self-signed cert with an Active Directory Certificate Services cert.
(which is setup with offline root and online intermediate).
the host is not joined to active directory nor is managed by vcenter.
the basic steps to create a cert request, submit to ADCS, download cert, and install into ESXi is not too complicated.
however, the cert does not include the full certificate chain (root + intermediate + host), so I still get the "there is a problem with this certificate"
only now the error is "the certificate cannot be verified up to a trusted certificate authority".
generally, you solve this error message by either
1 - adding the certificate chain for the certificate authority into the host cert store, or
2 - ensure the intermediate CA is accessible to the host
existing documentation has lots of references to VMCA, but that is not installed on ESXi (I checked the file system just to be sure).
so, are there any ssh based instructions for adding the root cert and intermediate cert into the host certificate store?