Add a Root Certificate to vCenter Server and ESXi

You can use PowerCLI to add a root certificate or certificate chain to the trusted root store of vCenter Server and to the certificate stores of the connected ESXi hosts.

Prerequisites

  • Verify that you are connected to a vCenter Server system.

  • Verify that the root certificate or certificate chain you want to add is available on your machine.

Procedure

  1. (Optional) List the trusted root certificates on your vCenter Server system and the connected ESXi hosts.
    Get-VITrustedCertificate
  2. Create a variable with the root certificate or certificate chain you want to add.
    $trustedCertChain = Get-Content "C:\Users\jdoe\Downloads\ca-chain.cert.pem" -Raw
    
  3. Add the root certificate or certificate chain to vCenter Server and to the connected ESXi hosts.
    Add-VITrustedCertificate -PemCertificateOrChain $trustedCertChain
  4. (Optional) Verify that your new root certificate or certificate chain has been added to the trusted certificate stores.
    Get-VITrustedCertificate
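
The procedure above as one script, with a pre-check of the PEM file before it becomes a trust anchor. This is an added example, not part of the original documentation. It assumes the file path from step 2 and that the objects returned by Get-VITrustedCertificate expose a Certificate property.

```powershell
# Added example: inspect the PEM chain before trusting it, then add and confirm.
$pemPath = "C:\Users\jdoe\Downloads\ca-chain.cert.pem"   # path from step 2
$trustedCertChain = Get-Content $pemPath -Raw

# Split the PEM text into certificates and parse each one with .NET.
$pattern = '-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----'
$certs = @([regex]::Matches($trustedCertChain, $pattern, 'Singleline') | ForEach-Object {
    $der = [Convert]::FromBase64String(($_.Groups[1].Value -replace '\s', ''))
    [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($der)
})
if ($certs.Count -eq 0) { throw "No PEM certificates found in $pemPath" }

# Report what is about to become a trust anchor and flag anything unexpected.
$now = Get-Date
$sha256 = [System.Security.Cryptography.SHA256]::Create()
$report = foreach ($c in $certs) {
    $bc = $c.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]
    }
    [pscustomobject]@{
        Subject    = $c.Subject
        Issuer     = $c.Issuer
        NotAfter   = $c.NotAfter
        IsCA       = [bool]($bc -and $bc.CertificateAuthority)
        InValidity = ($c.NotBefore -le $now -and $now -le $c.NotAfter)
        SHA256     = [BitConverter]::ToString($sha256.ComputeHash($c.RawData)) -replace '-'
    }
}
$report | Format-List

# Stop if an entry is expired, not yet valid, or not a CA certificate.
$bad = @($report | Where-Object { -not $_.IsCA -or -not $_.InValidity })
if ($bad.Count -gt 0) { throw "Refusing to add: $($bad.Count) certificate(s) failed the checks." }

# Compare the SHA256 values with the fingerprints published by the CA owner.
if ((Read-Host "Do the fingerprints match the expected values? (y/n)") -ne 'y') { return }

# Steps 3 and 4 of the procedure.
Add-VITrustedCertificate -PemCertificateOrChain $trustedCertChain

# Assumption: each object returned by Get-VITrustedCertificate exposes the parsed
# certificate in a .Certificate property; adjust if your PowerCLI version differs.
$stored = Get-VITrustedCertificate
foreach ($c in $certs) {
    $hits = @($stored | Where-Object { $_.Certificate.Thumbprint -eq $c.Thumbprint })
    "{0}: present in {1} trust store entries" -f $c.Subject, $hits.Count
}
```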