By default, ESXi hosts are automatically provisioned with VMware Certificate Authority (VMCA) certificates when they are connected to vCenter Server. To support a custom certificate authority, you set the host certificate mode on vCenter Server to custom, which prevents vCenter Server from replacing the certificates on the ESXi hosts.

| vCenter Server | ESXi Host |
|---|---|
| sfo01m01vc01.sfo01.rainpole.local | sfo01m01esx01.sfo01.rainpole.local |
| | sfo01m01esx02.sfo01.rainpole.local |
| | sfo01m01esx03.sfo01.rainpole.local |
| | sfo01m01esx04.sfo01.rainpole.local |

Procedure

- Log in to vCenter Server by using the vSphere Web Client.
- Verify that all CA certificates from vCenter Server are updated on all hosts.
  - In the Navigator, under Hosts and Cluster, select sfo01m01esx01.sfo01.rainpole.local, and click the Configure tab.
  - Under System, select Certificate and click Refresh CA Certificates.
  - Repeat the steps for the ESXi hosts that are controlled by the Management vCenter Server sfo01m01vc01.sfo01.rainpole.local.
- Change the certificate mode for the ESXi hosts in the management cluster to custom.
  - In the Navigator, under Hosts and Cluster, select sfo01m01vc01.sfo01.rainpole.local, and click the Configure tab.
  - Under Settings, click Advanced Settings and click Edit.
  - In the filter box, enter certmgmt and press Enter to view only certificate management properties.
  - Change the value of the vpxd.certmgmt.mode property to custom and click OK.
- Restart the vCenter Server Appliance to apply the changes.
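
The same mode change can be scripted and then checked per host. The following PowerCLI sketch is an added example, not part of the original procedure: it reads and sets `vpxd.certmgmt.mode` on the vCenter Server named above, then lists the issuer and expiry of each ESXi host certificate so that hosts still carrying VMCA-issued certificates stand out. It assumes the VMware PowerCLI module is installed and that the account you supply may edit vCenter Server advanced settings.

```powershell
# Added example (not from the original page). Requires the VMware PowerCLI module.
# The vCenter Server name is the one used on this page; credentials are prompted.
$vcName = 'sfo01m01vc01.sfo01.rainpole.local'
$server = Connect-VIServer -Server $vcName -Credential (Get-Credential)

try {
    # Read the current host certificate mode from the vCenter Server advanced settings.
    $setting = Get-AdvancedSetting -Entity $server -Name 'vpxd.certmgmt.mode'
    Write-Host "Current vpxd.certmgmt.mode: $($setting.Value)"

    # Switch to custom only when needed, so reruns of the script make no change.
    if ($setting.Value -ne 'custom') {
        Set-AdvancedSetting -AdvancedSetting $setting -Value 'custom' -Confirm:$false |
            Out-Null
        Write-Host 'Mode set to custom. Restart the vCenter Server Appliance to apply it.'
    }

    # Report who issued each host certificate and when it expires.
    # CertificateInfo is read from the host's certificate manager object.
    Get-VMHost -Server $server | Sort-Object Name | ForEach-Object {
        $certMgr = Get-View -Server $server `
            -Id $_.ExtensionData.ConfigManager.CertificateManager
        [pscustomobject]@{
            Host     = $_.Name
            Issuer   = $certMgr.CertificateInfo.Issuer
            NotAfter = $certMgr.CertificateInfo.NotAfter
            Status   = $certMgr.CertificateInfo.Status
        }
    } | Format-Table -AutoSize
}
finally {
    # Always drop the session, even if a step above failed.
    Disconnect-VIServer -Server $server -Confirm:$false
}
```

Run the report again after installing the custom certificates: every host in the management cluster should then show your own CA as the issuer.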