When a host is added to a vCenter Server system, vCenter Server sends a Certificate Signing Request (CSR) for the host to VMCA. You can change some of the default settings in the CSR using the vCenter Server Advanced Settings in the vSphere Web Client.

Change company-specific default certificate settings. See ESXi Certificate Default Settings for a complete list of default settings. Some of the defaults cannot be changed.


  1. In the vSphere Web Client, select the vCenter Server system that manages the hosts.
  2. Click the Manage tab and click Settings.
  3. Click Advanced Settings and click Edit.
  4. In the Filter box, enter certmgmt to display only certificate management parameters.
  5. Change the value of the existing parameters to follow company policy and click OK.
    The next time you add a host to vCenter Server, the new settings are used in the CSR that vCenter Server sends to VMCA and in the certificate that is assigned to the host.

What to do next

Changes to certificate metadata only affect new certificates. If you want to change the certificates of hosts that are already managed by the vCenter Server system, you can disconnect and reconnect the hosts.