If the certificate on ESXi can't be verified by vCenter, it would fail to add ESXi to vCenter with such error message at task bar.
A general system error occurred: Failed to verify certificate on <ESXi-FQDN-or-IP>. When ESXi Certificate Mode is set to custom it is mandatory to install valid certificate on ESXi host before adding the host to VC
This article is applicable when custom CA certificate isn't required on ESXi.
Certificate chain broken.
To perform it on ESXi Host Client, see Place an ESXi Host in Maintenance Mode in the VMware Host Client
To perform it on vSphere Client, see Place a Host in Maintenance Mode
To perform it by Command Line, see Place a Host in Maintenance Mode using esxcli command
mv /etc/vmware/ssl/rui.crt /etc/vmware/ssl/rui.crt.bak
mv /etc/vmware/ssl/rui.key /etc/vmware/ssl/rui.key.bak
/sbin/generate-certificates
services.sh restart
ESXi Host Client >> "Host" >> "Manage" >> "Security & users" >> "Certificates"
to verify the change.If you need to revert to the previous SSL certificate, follow the steps below:
mv rui.crt.bak rui.crt
mv rui.key.bak rui.key
services.sh restart
ESXi Host Client >> "Host" >> "Manage" >> "Security & users" >> "Certificates"
to verify the change.