You can use the TLS Configuration utility to enable or disable TLS versions on vCenter Server systems with an external Platform Services Controller and on vCenter Server systems with an embedded Platform Services Controller. As part of the process, you can disable TLS 1.0, and enable TLS 1.1 and TLS 1.2. Or, you can disable TLS 1.0 and TLS 1.1, and enable only TLS 1.2.

Prerequisites

Ensure that the hosts and services that the vCenter Server manages can communicate using a version of TLS that remains enabled. For products that communicate only using TLS 1.0, connectivity becomes unavailable.

Procedure

  1. Log in to the vCenter Server system with the user name and password for administrator@vsphere.local, or as another member of the vCenter Single Sign-On Administrators group who can run scripts.
  2. Go to the directory where the script is located.
    OS Command
    Windows
    cd %VMWARE_CIS_HOME%\TlsReconfigurator\VcTlsReconfigurator
    Linux
    cd /usr/lib/vmware-TlsReconfigurator/VcTlsReconfigurator
  3. Run the command, depending on your operating system and on which version of TLS you want to use.
    • To disable TLS 1.0 and enable both TLS 1.1 and TLS 1.2, run the following command.
      OS Command
      Windows
      directory_path\VcTlsReconfigurator> reconfigureVc update -p TLSv1.1 TLSv1.2
      Linux
      directory_path/VcTlsReconfigurator> ./reconfigureVc update -p TLSv1.1 TLSv1.2
    • To disable TLS 1.0 and TLS 1.1, and enable only TLS 1.2, run the following command.
      OS Command
      Windows
      directory_path\VcTlsReconfigurator> reconfigureVc update -p TLSv1.2
      Linux
      directory_path/VcTlsReconfigurator> ./reconfigureVc update -p TLSv1.2
  4. If your environment includes other vCenter Server systems, repeat the process on each vCenter Server system.
  5. Repeat the configuration on each ESXi host and each Platform Services Controller.