Standalone server ESXi 6.7:
Manage > System > Advanced settings. Set Misc.PreferredHostName (shortname).
Networking > TCP/IP stacks > Default TCP/IP stack. Set Host name and Domain name. Maintenance mode and reboot the host to take changes.
Manage > Security & users > Certificates. Click Import new certificate.
Most likely you want Generate FQDN signing request. Copy the CSR into a text file (DO NOT REBOOT HOST OR THE PENDING CSR PRIVATE KEY IS WIPED AND YOU WILL HAVE TO GENERATE A NEW REQUEST).
Send the text file to your CA admin, point them to these articles for CSR requirements and CA template requirements.
Requirements for ESXi Certificate Signing Requests
Export the signing CA Root and any Intermediary if your environment has any, PEM format so it is text readable. The certificate file you get back from the request, open in notepad. Same for the CA root and intermediaries. Make sure each BEGIN CERTIFICATE and END CERTIFICATE are on their own line. For example:
-----BEGIN CERTIFICATE-----
<Certificate of Host>
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
<Certificate of intermediary CA>
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
<Certificate of Root CA>
-----END CERTIFICATE-----
Go back to Manage > Security & users > Certificates. Open Import new certificate, copy the entire certificate text file with the intermediaty/Root CA certificates, and paste into the region provided. Click Import button at the bottom.