When a host is added to a vCenter Server system, vCenter Server sends a Certificate Signing Request (CSR) for the host to VMCA. You can change some of the default settings in the CSR using the vCenter Server Advanced Settings in the vSphere Web Client.

See ESXi Certificate Default Settings for a list of default settings. Some of the defaults cannot be changed.

Procedure

  1. In the vSphere Web Client, select the vCenter Server system that manages the hosts.
  2. Click Configure, and click Advanced Settings.
  3. In the Filter box, enter certmgmt to display only certificate management parameters.
  4. Change the value of the existing parameters to follow company policy and click OK.
    The next time you add a host to vCenter Server, the new settings are used in the CSR that vCenter Server sends to VMCA and in the certificate that is assigned to the host.

What to do next

Changes to certificate metadata only affect new certificates. If you want to change the certificates of hosts that are already managed by the vCenter Server system, you can disconnect and reconnect the hosts or renew the certificates.