By default, ESXi hosts require explicit verification of the vSphere Authentication Proxy certificate. If you are using vSphere Auto Deploy, the Auto Deploy service takes care of adding the certificate to hosts that it provisions. For other hosts, you have to add the certificate explicitly.


  • Upload the vSphere Authentication Proxy certificate to the ESXi host. You can find the certificate in the following location.

    vCenter Server Appliance


    vCenter Server Windows


  • Verify that the UserVars.ActiveDirectoryVerifyCAMCertificate ESXi advanced setting is set to 1 (the default).


  1. In the vSphere Web Client, select the ESXi host and click Configure.
  2. Under System, select Authentication Services.
  3. Click Import Certificate.
  4. Type the certificate file path following the format [datastore]/path/certname.crt, and click OK.