Virtual Center Server & Certificates

Ive been banging my head with this all day - I admit defeat :(

I understand that not to error I need to trust the root CA then that the certificate on the VCenter's common name needs to match its URL. I need to know how to do this with OpenSSL on he Virtual Center Server itself (NOT with Windows Certificate Services)

Ive read http://www.vmware.com/pdf/vi_vcserver_certificates.pdf and a thousand other blogs, helpfiles - websites and still cannot make it work, I'm either thick, or missing something blatantly obvious

what Ive done-------------------

Install open SSL


In /bin folder create a folder called newcerts
Copy the index.txt and serial files from \bin\pem\democa to \bin
Open openssl.cnf with notepad

Change settings to




[ CA_default ]

dir            = .                  # Where everything is kept

private_key      = $dir/rui.key            # The private key

certificate      = $dir/myroot.crt       # The CA certificate


1. Open a command prompt
cd c:\openssl\bin\

2. Create a Local Root CA

openssl req -new -x509 -extensions v3_ca -keyout rui.key -out myroot.crt -days 3650 -config openssl.cnf
Enter passphrase
Answer Questions
Set common name to FQDN

3. Create a request file for The Virtial Center Server to get a Web Certficate from your Root CA
openssl req -new -nodes -out rui.csr -config openssl.cnf

4. Process the request file and generate a certificate
openssl ca -out rui.crt -config openssl.cnf -infiles rui.csr

5. Now create a .pfx file.
openssl pkcs12 -export -in rui.crt -inkey rui.key -out rui.pfx


error

C:\OpenSSL\bin>openssl pkcs12 -export -in rui.crt -inkey rui.key -out rui.pfx
Loading 'screen' into random state - done
Enter pass phrase for rui.key:
No certificate matches private key

Im getting the key and the cert dont match but Ive only got one key?