In this design, you replace user-facing certificates with certificates that are signed by a Microsoft Certificate Authority (CA). By default, virtual infrastructure management components use TLS/SSL certificates that are signed by the VMware Certificate Authority (VMCA). These certificates are not trusted by end-user devices.
About this task
Infrastructure administrators connect to different SDDC components, such as vCenter Server systems or a Platform Services Controller from a Web browser to perform configuration, management and troubleshooting. The authenticity of the network node to which the administrator connects must be confirmed with a valid TLS/SSL certificate.
You can use other Certificate Authorities according to the requirements of your organization. You do not replace certificates for machine-to-machine communication. If necessary, you can manually mark these certificates as trusted.
Management vCenter Server
Management NSX Manager
Compute vCenter Server
Compute NSX Manager
vSphere Data Protection