By default, ESXi hosts require explicit verification of the vSphere Authentication Proxy certificate. If you are using vSphere Auto Deploy, the Auto Deploy service takes care of adding the certificate to hosts that it provisions. For other hosts, you have to add the certificate explicitly.

Prerequisites

  • Upload the vSphere Authentication Proxy certificate to a datastore accessible to the ESXi host. Using an SFTP application such as WinSCP, you can download the certificate from the vCenter Server host at the following location.
    vCenter Server Appliance
    /var/lib/vmware/vmcam/ssl/rui.crt
    vCenter Server Windows
    C:\ProgramData\VMware\vCenterServer\data\vmcamd\ssl\rui.crt
  • Verify that the UserVars.ActiveDirectoryVerifyCAMCertificate ESXi advanced setting is set to 1 (the default).

Procedure

  1. Select the ESXi host and click Configure.
  2. Under System, select Authentication Services.
  3. Click Import Certificate.
  4. Enter the certificate file path following the format [datastore]/path/certname.crt, and click OK.
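
The following added example (not VMware code) covers both prerequisites: it confirms that the copy of rui.crt placed on the datastore is the same, unexpired certificate as the one on vCenter Server, and checks the advanced setting. The function names and script name are hypothetical; it assumes openssl is available and uses the esxcli advanced-settings command, which is not shown on this page.

```shell
#!/bin/sh
# Added example: pre-import checks for the Authentication Proxy certificate.

# SHA-256 fingerprint over the DER encoding, so line-ending changes from a
# text-mode SFTP transfer do not alter it. Empty output = not a certificate.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null |
        cut -d= -f2 | tr 'a-f' 'A-F'
}

# verify_cam_cert FILE EXPECTED_FP
# EXPECTED_FP is the fingerprint taken from rui.crt on the vCenter Server host.
verify_cam_cert() {
    actual=$(cert_fingerprint "$1")
    expected=$(printf '%s' "$2" | tr 'a-f' 'A-F')
    if [ -z "$actual" ]; then
        echo "FAIL: $1 is not a readable X.509 certificate" >&2; return 2
    fi
    if ! openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1; then
        echo "FAIL: $1 has expired" >&2; return 3
    fi
    if [ "$actual" != "$expected" ]; then
        echo "FAIL: fingerprint mismatch, got $actual" >&2; return 4
    fi
    echo "OK: $actual"
}

# Reads on stdin the output of
#   esxcli system settings advanced list -o /UserVars/ActiveDirectoryVerifyCAMCertificate
# and succeeds only if the current (not the default) value is 1.
cam_verify_enabled() {
    value=$(awk -F': *' '/^ *Int Value:/ { print $2; exit }')
    [ "$value" = "1" ]
}

# Usage: sh check_cam_cert.sh <cert-file> <reference-fingerprint>
if [ "$#" -eq 2 ]; then
    verify_cam_cert "$1" "$2"
fi
```

Take the reference fingerprint with the same openssl command on the vCenter Server host, then run the check against the file on the datastore before clicking Import Certificate.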