[Update] While this did seem to succeed, I ultimately wanted to access the client via ProxyPass and I have learned that it is not necessary and in fact won't work with chained intermediate/domain certs. What you want to do is put just the domain.crt and server.key into the esXi guest and then put the bundle.ca in the ProxyPass host. Read more here
First, shut down VM's and enter maintenance mode.
You need to concatenate your domain.crt and the intermediary files into one file.
My latest SSL package came with a ca-bundle, which is essentally just saving me a step from the old method which was
cat COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > bundle.ca
If you have the bundle then its
cat domain.crt bundle.ca > rui.crt
You also need your key file. It will need to be named rui.key.
You need to get them onto the esXi host via either creating the files wit VI. Or use something like FileZilla and connect via port 22 (as long as ssh is enabled)
Delete or backup rui.* inside /etc/vmware/ssl/
Put them your 2 new files into >>
Final File Tree:
/etc/vmware/ssl/ /etc/vmware/ssl/rui.key /etc/vmware/ssl/rui.crt /etc/vmware/ssl/(other files to be left alone)
reboot & exit maintenance mode. You should have new Certs being presented!
I am still having issues logging into the HTML5 web client, but the certs are definitely being presented. I am using ProxyPass so I am guessing its that. But I am moving onto VCenter Web Client since I can't get it working. Read here for installing Comodo PositiveSSL Certs inside VCenter Linux Appliance.