vSphere components use SSL to communicate securely with each other and with ESXi. SSL communications ensure data confidentiality and integrity. Data is protected, and cannot be modified in transit without detection.
Certificates are also used by vCenter Server services such as the vSphere Web Client for initial authentication to vCenter Single Sign-On. vCenter Single Sign-On provisions each component with a SAML token that the component uses for authentication going forward.
In vSphere 6.0 and later, the VMware Certificate Authority (VMCA) by default provisions each ESXi host and each vCenter Server service with a certificate signed by VMCA.
| Option | See |
|---|---|
| Use the Platform Services Controller web interface (vSphere 6.0 Update 1 and later). | Managing Certificates with the Platform Services Controller Web Interface |
| Use the vSphere Certificate Manager utility from the command line. | Managing Certificates with the vSphere Certificate Manager Utility |
| Use CLI commands for manual certificate replacement. | Managing Certificates and Services with CLI Commands |