To prevent man-in-the-middle attacks and to fully use the security that certificates provide, certificate checking is enabled by default. You can verify that certificate checking is enabled in the vSphere Web Client.

About this task


vCenter Server certificates are preserved across upgrades.


  1. Browse to the vCenter Server system in the vSphere Web Client object navigator.
  2. Select the Manage tab, click Settings, and click General.
  3. Click Edit.
  4. Click SSL Settings and verify that vCenter requires verified host SSL certificates is selected.
  5. If there are hosts that require manual validation, compare the thumbprints listed for the hosts to the thumbprints in the host console.

    To obtain the host thumbprint, use the Direct Console User Interface (DCUI).

    1. Log in to the direct console and press F2 to access the System Customization menu.
    2. Select View Support Information.

      The host thumbprint appears in the column on the right.

  6. If the thumbprint matches, select the Verify check box next to the host.

    Hosts that are not selected will be disconnected after you click OK.

  7. Click OK.