Hello John,
to get .pem file working with SSL Tool you have to include complete certificate chain in this container...
- Certificates in PEM container must be in x509 (BASE64) ... NOT in DER
- when you open it in text editor they must start with: -----BEGIN CERTIFICATE----- ends with: -----END CERTIFICATE-----
- If you are using subordinate CA for issuing certificates in your domain you must include its certificate in PEM file!
- All certificates in .PEM file must be in reverse order so when you open the file first must be vCenter server certificate, second Sub CA and last Root CA
You can create PEM container with copy command and keep exact order:
copy /B <path>rui.crt + <path>SubCA64.cer + <path\>RootCA.cer chain.pem
After you will have PEM file created open it and check certificates order, vCenter first, Sub second and Root at the bottom.
Avoid putting some extra blank lines between certificates, there should be no space before and after any certificate.
Once you have chain.pem and private key from vCenter (rui.crt) certificate you can start with SSL Tool.
P.