1. Prepare the syslog server's SSL certificate chain in PEM (base64) format and save it as syslog_chain.cer. An explanation and model of full chain creation can be found in step 8 of the VMware KB article "Replace vCenter Machine SSL certificate Custom Certificate Authority Signed Certificate".
2. Place the ESXi system in maintenance mode
3. Display current syslog configuration
# esxcli system syslog config get
4. Verify valid format of certificate store
# openssl verify -CAfile /etc/vmware/ssl/castore.pem -verbose /etc/vmware/ssl/castore.pem
5. Backup the certificate store
# cp /etc/vmware/ssl/castore.pem /etc/vmware/ssl/castore.pem.bak
6. Use SCP or an SFTP application to copy the syslog certificate chain to the ESXi system /tmp folder
# scp syslog_chain.cer root@esxi_fqdn:/tmp/syslog_chain.cer
7. Append syslog certificate to the certificate store
# cat /tmp/syslog_chain.cer >> /etc/vmware/ssl/castore.pem
8. Re-verify valid format of certificate store
# openssl verify -CAfile /etc/vmware/ssl/castore.pem -verbose /etc/vmware/ssl/castore.pem
9. Set syslog daemon to check SSL certificates
# esxcli system syslog config set --check-ssl-certs=true
10. Set the syslog connection via SSL
# esxcli system syslog config set --loghost="ssl://IP_or_FQDN_of_syslog_server:1514"
11. Reload syslog configuration options
# esxcli system syslog reload
12. Display current syslog configuration
# esxcli system syslog config get
13. Restart services
# /sbin/services.sh restart
14. Test log shipping
# esxcli system syslog mark --message "Syslog Test Message"
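
A guarded form of steps 5, 7 and 8, added here as an example (it is not part of the original procedure or VMware's tooling). A plain `cat >>` onto a store that lacks a trailing newline fuses the END and BEGIN markers onto one line. The function names `pem_blocks` and `safe_append` are hypothetical, and the check is structural only, so it complements the `openssl verify` steps rather than replacing them.

```shell
#!/bin/sh
# Added example (not from the original procedure): guarded backup/append/re-check.

# pem_blocks FILE: print the number of certificate blocks in FILE; exit non-zero
# if a BEGIN/END marker is unpaired or shares its line with other text.
pem_blocks() {
    awk '
        { sub(/\r$/, "") }                      # tolerate CRLF exports
        /-----BEGIN CERTIFICATE-----/ {
            if ($0 != "-----BEGIN CERTIFICATE-----" || inblk) bad = 1
            inblk = 1; next
        }
        /-----END CERTIFICATE-----/ {
            if ($0 != "-----END CERTIFICATE-----" || !inblk) bad = 1
            inblk = 0; n++; next
        }
        END { if (inblk) bad = 1; print n + 0; exit bad + 0 }
    ' "$1"
}

# safe_append CHAIN STORE: back up STORE, append CHAIN, and restore the backup
# if the resulting block count is not exactly (before + added).
safe_append() {
    chain=$1; store=$2
    pem_blocks "$chain" >/dev/null || { echo "malformed chain: $chain" >&2; return 1; }
    pem_blocks "$store" >/dev/null || { echo "malformed store: $store" >&2; return 1; }
    before=$(pem_blocks "$store"); added=$(pem_blocks "$chain")
    [ "$added" -gt 0 ] || { echo "no certificates in $chain" >&2; return 1; }
    cp "$store" "$store.bak" || return 1
    # A store without a trailing newline would fuse END and BEGIN on one line.
    [ -z "$(tail -c 1 "$store")" ] || echo >> "$store"
    cat "$chain" >> "$store"
    after=$(pem_blocks "$store") && [ "$after" -eq $((before + added)) ] && return 0
    cp "$store.bak" "$store"; echo "append failed, store restored" >&2; return 1
}

# Usage on the host (paths as in the steps above):
#   safe_append /tmp/syslog_chain.cer /etc/vmware/ssl/castore.pem
if [ "$#" -eq 2 ]; then safe_append "$1" "$2"; fi
```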