By default the ESXi hosts are automatically provisioned with VMware Certificate Authority (VMCA) certificates when they are connected to vCenter Server. Set the host certificate mode on vCenter Server to support a custom certificate authority so that vCenter Server stops pushing VMCA certificates on to the ESXi hosts.

About this task

vCenter Server

ESXi Host

sfo01w01vc01.sfo01.rainpole.local

sfo01w01esx01.sfo01.rainpole.local

sfo01w01esx02.sfo01.rainpole.local

sfo01w01esx03.sfo01.rainpole.local

sfo01w01esx04.sfo01.rainpole.local

Procedure

  1. Log in to vCenter Server by using the vSphere Web Client.
    1. Open a Web browser and go to https://sfo01w01vc01.sfo01.rainpole.local/vsphere-client.
    2. Log in using the following credentials.

      Setting

      Value

      User name

      administrator@vsphere.local

      Password

      vsphere_admin_password

  2. Verify that all CA certificates from vCenter Server are updated on all hosts.
    1. In the Navigator, under Hosts and Cluster, select sfo01w01esx01.sfo01.rainpole.local, and click the Configure tab.
    2. Under System, select Certificate and click Refresh CA Certificates.
    3. Repeat the steps for the ESXi hosts that are controlled by the vCenter Server sfo01w01vc01.sfo01.rainpole.local.
  3. Change the certificate mode for the ESXi hosts in the consolidated cluster to custom .
    1. In the Navigator, under Hosts and Cluster, select sfo01w01vc01.sfo01.rainpole.local, and click the Configure tab.
    2. Under Settings, click Advanced Settings and click Edit.
    3. In the filter box, enter certmgmt and press Enter to view only certificate management properties.
    4. Change the value of the vpxd.certmgmt.mode property to custom and click OK.
  4. Restart the vCenter Server Appliance to apply the changes.
    1. Open a Web browser and go to https://sfo01w01vc01.sfo01.rainpole.local:5480
    2. Log in using the following credentials.

      Settings

      Values

      User name

      root

      Password

      vcenter_server_root_password

    3. Click Reboot to restart the vCenter Server Appliance.