Access ESXi host client with "Error: 503 Service Unavailable"

Article ID: 376026

Updated On:

Products

VMware vSphere ESXi

Issue/Introduction

  • Attempting to access the ESXi UI after configuring CA-signed certificates for ESXi returns:

    Error: 503 Service Unavailable (Failed to connect to endpoint: [N7Vmacore4Http16LocalServiceSpecE:0x0000001209e60f60] _serverNamespace = / action = Allow _port = 8309)" 

  • The VPXA log /var/log/vpxa.log contains this line:

    [Originator@6876 sub=Default] Failed to initialize the SSL context: N7Vmacore3Ssl12SSLExceptionE(SSL Exception: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch) --> Panic: Failed to initialize the SSL context.

  • The vpxa service, even if started manually, stops within a few seconds.
  • The rui.crt and rui.key files are missing from /etc/vmware/ssl.

Environment

VMware vSphere ESXi

Cause

When an invalid SSL certificate is uploaded through the vSphere client, it's refused but applied nevertheless, crashing any and all of the management daemons.

Resolution

To resolve the issue:

  • Regenerate the self-signed certificate by executing the following command:

    /sbin/generate-certificates
  • Restart the management agents:

    /etc/init.d/hostd restart
    /etc/init.d/vpxa restart

  • Before configuring a CA-signed certificate for ESXi, verify that the Private Key and the Certificate files match. The two digests below are identical if the Private Key belongs to the certificate:

    openssl x509 -noout -modulus -in rui.crt | openssl sha256
    openssl rsa -noout -modulus -in rui.key | openssl sha256
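
The modulus comparison above applies to RSA keys only. The following is an added example, not part of the original article or VMware's tooling, that generalizes the same pre-install check by comparing the public key extracted from each file, which also covers EC keys. The function name `cert_key_match`, the script name and the return codes are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the KB article): confirm that a certificate and a
# private key belong together before copying them to /etc/vmware/ssl.
# Compares the public key embedded in each file, so it covers RSA and EC keys.

# cert_key_match CERT KEY   (hypothetical helper name)
#   returns 0 = key matches certificate
#           1 = both files parse, but the public keys differ
#           2 = a file is missing, unreadable or does not parse
cert_key_match() {
    cert=$1
    key=$2
    [ -r "$cert" ] && [ -r "$key" ] || return 2

    # Public key as stored in the certificate.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 2
    # Public key derived from the private key. "-passin pass:" supplies an
    # empty passphrase so a passphrase-protected key fails instead of prompting.
    key_pub=$(openssl pkey -in "$key" -pubout -passin pass: 2>/dev/null) || return 2

    # Guard against two empty outputs comparing equal.
    [ -n "$cert_pub" ] && [ -n "$key_pub" ] || return 2

    [ "$cert_pub" = "$key_pub" ] && return 0
    return 1
}

# Command-line use: sh check-pair.sh rui.crt rui.key   (script name is hypothetical)
if [ "$#" -eq 2 ]; then
    rc=0
    cert_key_match "$1" "$2" || rc=$?
    case $rc in
        0) echo "OK: private key matches certificate" ;;
        1) echo "MISMATCH: do not install this pair" ;;
        *) echo "ERROR: could not read certificate or key" ;;
    esac
    exit "$rc"
fi
```

A non-zero exit code means the pair should not be installed; a mismatched pair is the condition that produces the `X509_check_private_key:key values mismatch` error shown in the vpxa log above.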