• Attempting to access ESXi UI, receiving "Error: 503 Service Unavailable (Failed to connect to endpoint: [N7Vmacore4Http16LocalServiceSpecE:0x0000001209e60f60] _serverNamespace = / action = Allow _port = 8309)".
• Unable to process /etc/vmware/ssl/castore.pem due to invalid formatting:

-----BEGIN CERTIFICATE-----
MIIFyjCCBLKgAwIBAgIKYURFHAAAAAAABDANBgkqhkiG9w0BAQUFADBCMRMwEQYK
..........
...snip...
..........
TmqX6OuznopBJKNW5Z5LbHzuUCfY8ryBhYZhHKsf9CmZa12j/ODfznFtAgbPNw==
-----END CERTIFICATE----------BEGIN CERTIFICATE-----
MIIFkjCCBHqgAwIBAgIKYSn5HgAAAAAAAjANBgkqhkiG9w0BAQUFADAWMRQwEgYD
..........
...snip...
..........
N4C2CAlLaR3sXlHBRNlfsLO+rZo45hwW8Xw3rLD+ETtgKMmAVUI=
-----END CERTIFICATE-----

• In /var/run/log/hostd.log:

YYYY-MM-DD HH:MM:SS info hostd[2104813] [Originator@6876 sub=Solo] Setting OpenSSL verify location CAFile=/etc/vmware/ssl/castore.pem
YYYY-MM-DD HH:MM:SS error hostd[2104813] [Originator@6876 sub=Solo] Failed to create SSL context: N7Vmacore3Ssl12SSLExceptionE(SSL Exception: error:0906D066:PEM routines:PEM_read_bio:bad end line)--> [context]=[/context]

To resolve the 503 error in the ESXi UI, verify that the castore.pem file has correct formatting and includes all necessary intermediate certificates.

/etc/vmware/ssl/castore.pem

Proper formatting:

-----BEGIN CERTIFICATE-----
MIIFyjCCBLKgAwIBAgIKYURFHAAAAAAABDANBgkqhkiG9w0BAQUFADBCMRMwEQYK
..........
...snip...
..........
TmqX6OuznopBJKNW5Z5LbHzuUCfY8ryBhYZhHKsf9CmZa12j/ODfznFtAgbPNw==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIFkjCCBHqgAwIBAgIKYSn5HgAAAAAAAjANBgkqhkiG9w0BAQUFADAWMRQwEgYD
..........
...snip...
..........
N4C2CAlLaR3sXlHBRNlfsLO+rZo45hwW8Xw3rLD+ETtgKMmAVUI=
-----END CERTIFICATE-----

Note: If ESXi hosts are signed by different CAs, the castore.pem should have additional root and intermediate entries for the CAs that signed the other ESXi hosts.