By default, vSphere Authentication Proxy adds any host if it has the IP address of that host in its access control list. For additional security, you can enable client authentication. If client authentication is enabled, vSphere Authentication Proxy also checks the certificate of the host.
Prerequisites
- Verify that the vCenter Server system trusts the host. By default, when you add a host to vCenter Server, the host is assigned a certificate that is signed by a vCenter Server trusted root CA. vSphere Authentication Proxy trusts vCenter Server trusted root CA.
-
If you plan on replacing ESXi certificates in your environment, perform the replacement before you enable vSphere Authentication Proxy. The certificates on the ESXi host must match that of the host's registration.