After you install custom SSL certificates, attempts to enable vSphere High Availability (HA) fail.

Problem

When you attempt to enable vSphere HA on a host with custom SSL certificates installed, the following error message appears: vSphere HA cannot be configured on this host because its SSL thumbprint has not been verified.

Cause

When you add a host to vCenter Server, and vCenter Server already trusts the host's SSL certificate, VPX_HOST.EXPECTED_SSL_THUMBPRINT is not populated in the vCenter Server database. vSphere HA obtains the host's SSL thumbprint from this field in the database. Without the thumbprint, you cannot enable vSphere HA.

1. In the vSphere Web Client, disconnect the host that has custom SSL certificates installed.
2. Reconnect the host to vCenter Server.
3. Accept the host's SSL certificate.
4. Enable vSphere HA on the host.