Set Host Certificate Mode on the Management vCenter Server to Support a Custom Certificate Authority in Region A

By default the ESXi hosts are automatically provisioned with VMware Certificate Authority (VMCA) certificates when they are connected to vCenter Server. You set the host certificate mode on vCenter Server to support a custom certificate authority to prevent the vCenter Server from replacing certificates on to the ESXi hosts.


vCenter Server	ESXi Host
sfo01m01vc01.sfo01.rainpole.local	sfo01m01esx01.sfo01.rainpole.local
	sfo01m01esx02.sfo01.rainpole.local
	sfo01m01esx03.sfo01.rainpole.local
	sfo01m01esx04.sfo01.rainpole.local

Procedure

Open a Web browser and go to https://sfo01m01vc01.sfo01.rainpole.local/vsphere-client.


Setting	Value
User name	administrator@vsphere.local
Password	`vsphere_admin_password`

Verify that all CA certificates from vCenter Server are updated on all hosts.
1. In the Navigator, under Hosts and Cluster, select sfo01m01esx01.sfo01.rainpole.local, and click the Configure tab.
2. Under System, select Certificate and click Refresh CA Certificates.
3. Repeat the steps for the ESXi hosts that are controlled by the Management vCenter Server sfo01m01vc01.sfo01.rainpole.local.
Change the certificate mode for the ESXi hosts in the management cluster to custom .
1. In the Navigator, under Hosts and Cluster, select sfo01m01vc01.sfo01.rainpole.local, and click the Configure tab.
2. Under Settings, click Advanced Settings and click Edit.
3. In the filter box, enter certmgmt and press Enter to view only certificate management properties.
4. Change the value of the vpxd.certmgmt.mode property to custom and click OK.

Restart the vCenter Server Appliance to apply the changes.

Open a Web browser and go to https://sfo01m01vc01.sfo01.rainpole.local:5480


Settings	Values
User name	root
Password	`vcenter_server_root_password`

Click Reboot to restart the vCenter Server Appliance.