• ESXi Host disconnected from vCenter after replacing custom certificate in ESXI host.
• After replacing custom certificates in ESXI, trying to logging into ESXi host client from browser error shown:
  
  
  • NET:ERR_CERT_INVALID
    
    
• When trying to connect ESXi host to vCenter, vpxd.log reports below error.

[YYYY-MM-DDTHH:MM:SS] error vpxd[06668] [Originator@6876 sub=IO.Http opID=##-auto-2ajw-h5:##-aa] User agent failed to send request; (null), N7Vmacore3Ss118SSLVerifyExceptionE(SSL Exception:
Verification parameters:
--> PeerThumbprint: ##:##:##:BB:60:CB: 5D: 6C: E3:34:04:7C:10:8D:9A:20:48:69:C8:##
-- > ExpectedThumbprint: ##:##:20:58:E4:78:2F:74:09:3A:6D:5A:1B:56:76:AA:24:23:81:##
-- > ExpectedPeerName: host.example.com
-- > The remote host certificate has these problems:

-- > * Invalid certificate usage. Non server auth key usage.
-- >
-> * unsupported certificate purpose)

VMware vSphere ESXI 8.0

Within the certificate, it is missing the "Enhanced Key Usage" parameter of "Server Authentication".  This is needed for proper communication to the host.

Example below shows when viewing the certificate the missing parameter example.

To resolve this issue, engage the CA team and get a new certificate which includes the missing parameters.

For more information see KB Configuring CA signed certificates for ESXi hosts (341649)