You can use the TLS Configuration utility to disable TLS versions on vCenter Server systems. As part of the process, you can either enable both TLS 1.1 and TLS 1.2, or enable only TLS 1.2.
Prerequisites
Ensure that the hosts and services that the vCenter Server manages can communicate using a version of TLS that remains enabled. For products that communicate only using TLS 1.0, connectivity becomes unavailable.
Procedure
- Log in to the vCenter Server system as a user who can run scripts and go to the directory where the script is located.
  | OS | Command |
  |---|---|
  | Windows | cd C:\Program Files\VMware\CIS\vSphereTlsReconfigurator\VcTlsReconfigurator |
  | Linux | cd /usr/lib/vmware-vSphereTlsReconfigurator/VcTlsReconfigurator |
- Run the command, depending on your operating system and on which version of TLS you want to use.
  - To disable TLS 1.0 and enable both TLS 1.1 and TLS 1.2, run the following command.

    | OS | Command |
    |---|---|
    | Windows | directory_path\VcTlsReconfigurator> reconfigureVc update -p TLSv1.1 TLSv1.2 |
    | Linux | directory_path/VcTlsReconfigurator> ./reconfigureVc update -p TLSv1.1 TLSv1.2 |

  - To disable TLS 1.0 and TLS 1.1, and enable only TLS 1.2, run the following command.

    | OS | Command |
    |---|---|
    | Windows | directory_path\VcTlsReconfigurator> reconfigureVc update -p TLSv1.2 |
    | Linux | directory_path/VcTlsReconfigurator> ./reconfigureVc update -p TLSv1.2 |
- If your environment includes other vCenter Server systems, repeat the process on each vCenter Server system.
- Repeat the configuration on each ESXi host and each Platform Services Controller.
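
After the procedure, you can confirm from a client machine that each system accepts only the versions you passed to `-p`. The following script is an added example, not part of the TLS Configuration utility or of VMware's code; the host name, port 443, the `TLSv1.0` label, and the function names are assumptions made for this illustration.

```python
import socket
import ssl
import sys

# Keys match the names given to `reconfigureVc update -p`; "TLSv1.0" is this script's own label.
VERSIONS = {"TLSv1.0": ssl.TLSVersion.TLSv1,
            "TLSv1.1": ssl.TLSVersion.TLSv1_1,
            "TLSv1.2": ssl.TLSVersion.TLSv1_2}

def probe(host, port, version, timeout=5.0):
    """True/False if the server accepts/refuses a handshake pinned to `version`;
    None if the local OpenSSL build cannot offer that version at all."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False        # only the protocol version is under test,
    ctx.verify_mode = ssl.CERT_NONE   # so the certificate is not validated here
    try:
        ctx.set_ciphers("DEFAULT:@SECLEVEL=0")  # newer OpenSSL blocks TLS 1.0/1.1 client-side otherwise
        ctx.minimum_version = ctx.maximum_version = version
    except (ValueError, ssl.SSLError):
        return None
    sock = socket.create_connection((host, port), timeout=timeout)  # unreachable host raises
    try:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.version() is not None
    except OSError:                   # TLS alerts, resets and handshake timeouts count as refused
        sock.close()
        return False

def mismatches(enabled, observed):
    """Compare probe results with the protocol list that was passed to -p."""
    problems = []
    for name in VERSIONS:
        want, got = name in enabled, observed.get(name)
        if got is None:
            problems.append(f"{name}: could not be tested from this client")
        elif got != want:
            problems.append(f"{name}: should be {'accepted' if want else 'refused'} "
                            f"but was {'accepted' if got else 'refused'}")
    return problems

if __name__ == "__main__":
    # Usage (constructed values): verify_tls.py vcenter.example.com 443 TLSv1.2
    host, port, enabled = sys.argv[1], int(sys.argv[2]), sys.argv[3:]
    observed = {n: probe(host, port, v) for n, v in VERSIONS.items()}
    found = mismatches(enabled, observed)
    print("\n".join(found) or "protocol versions match the requested configuration")
    sys.exit(1 if found else 0)
```

Run it once for each listening port you want to check. A result of "could not be tested" means the client's own TLS library cannot offer that version, so use a different client for that check rather than reading it as a refusal.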