When a host is added to a vCenter Server system, vCenter Server sends a Certificate Signing Request (CSR) for the host to VMCA. Most of the default values are well suited for many situations, but company-specific information can be changed.
You can change many of the default settings using the vSphere Web Client. Consider changing the organization, and location information. See Change Certificate Default Settings.
Parameter | Default Value | Advanced Option |
---|---|---|
Key Size | 2048 | N.A. |
Key Algorithm | RSA | N.A. |
Certificate Signature Algorithm | sha256WithRSAEncryption | N.A. |
Common Name | Name of the host if the host was added to vCenter Server by host name. IP address of the host if the host was added to vCenter Server by IP address. |
N.A. |
Country | USA | vpxd.certmgmt.certs.cn.country |
Email address | [email protected] | vpxd.certmgmt.certs.cn.email |
Locality (City) | Palo Alto | vpxd.certmgmt.certs.cn.localityName |
Organization Unit Name | VMware Engineering | vpxd.certmgmt.certs.cn.organizationalUnitName |
Organization Name | VMware | vpxd.certmgmt.certs.cn.organizationName |
State or province | California | vpxd.certmgmt.certs.cn.state |
Number of days the certificate is valid. | 1825 | vpxd.certmgmt.certs.cn.daysValid |
Hard threshold for certificate expiration. vCenter Server raises a red alarm when this threshold is reached. | 30 days | vpxd.certmgmt.certs.cn.hardThreshold |
Poll interval for vCenter Server certificate validity checks. | 5 days | vpxd.certmgmt.certs.cn.pollIntervalDays |
Soft Threshold for certificate expiration. vCenter Server raises an event when this threshold is reached. | 240 days | vpxd.certmgmt.certs.cn.softThreshold |
Mode that vCenter Server users to determine whether existing certificates are replaced. Change this mode to retain custom certificates during upgrade. See Host Upgrades and Certificates. | Default is vmca You can also specify thumbprint or custom. See Change the Certificate Mode. |
vpxd.certmgmt.mode |