In this design, you replace user-facing certificates with certificates that are signed by a Microsoft Certificate Authority (CA). By default, virtual infrastructure management components use TLS/SSL certificates that are signed by the VMware Certificate Authority (VMCA). These certificates are not trusted by end-user devices.

About this task

Infrastructure administrators connect to different SDDC components, such as vCenter Server systems or a Platform Services Controller, from a Web browser to perform configuration, management, and troubleshooting. The authenticity of the network node to which the administrator connects must be confirmed with a valid TLS/SSL certificate.

You can use other Certificate Authorities according to the requirements of your organization. You do not replace certificates for machine-to-machine communication. If necessary, you can manually mark these certificates as trusted.

  1. Management vCenter Server

  2. Management NSX Manager

  3. Compute vCenter Server

  4. Compute NSX Manager

  5. vSphere Data Protection