You can use the TLS Configuration utility to enable or disable TLS versions on vCenter Server systems with an external Platform Services Controller and on vCenter Server systems with an embedded Platform Services Controller. As part of the process, you can disable TLS 1.0, and enable TLS 1.1 and TLS 1.2. Or, you can disable TLS 1.0 and TLS 1.1, and enable only TLS 1.2.
Prerequisites
Ensure that the hosts and services that the vCenter Server manages can communicate using a version of TLS that remains enabled. For products that communicate only using TLS 1.0, connectivity becomes unavailable.
Procedure
- Log in to the vCenter Server system with the user name and password for [email protected], or as another member of the vCenter Single Sign-On Administrators group who can run scripts.
- Go to the directory where the script is located.
  | OS | Command |
  | --- | --- |
  | Windows | cd %VMWARE_CIS_HOME%\TlsReconfigurator\VcTlsReconfigurator |
  | Linux | cd /usr/lib/vmware-TlsReconfigurator/VcTlsReconfigurator |
- Run the command, depending on your operating system and on which version of TLS you want to use.
  - To disable TLS 1.0 and enable both TLS 1.1 and TLS 1.2, run the following command.

    | OS | Command |
    | --- | --- |
    | Windows | directory_path\VcTlsReconfigurator> reconfigureVc update -p TLSv1.1 TLSv1.2 |
    | Linux | directory_path/VcTlsReconfigurator> ./reconfigureVc update -p TLSv1.1 TLSv1.2 |

  - To disable TLS 1.0 and TLS 1.1, and enable only TLS 1.2, run the following command.

    | OS | Command |
    | --- | --- |
    | Windows | directory_path\VcTlsReconfigurator> reconfigureVc update -p TLSv1.2 |
    | Linux | directory_path/VcTlsReconfigurator> ./reconfigureVc update -p TLSv1.2 |
- If your environment includes other vCenter Server systems, repeat the process on each vCenter Server system.
- Repeat the configuration on each ESXi host and each Platform Services Controller.
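
The following check is an added example, not part of the VMware utility or documentation. It attempts one handshake per TLS version against an endpoint and compares the result with the protocol list passed to `-p`; the same probe can be run against managed hosts beforehand to cover the prerequisite. The host name and port 443 are assumptions.

```python
import socket
import ssl

# Names as passed to `reconfigureVc update -p`, mapped to Python's ssl enum.
VERSIONS = {
    "TLSv1.0": ssl.TLSVersion.TLSv1,
    "TLSv1.1": ssl.TLSVersion.TLSv1_1,
    "TLSv1.2": ssl.TLSVersion.TLSv1_2,
}

def accepts(host, port, version, timeout=5.0):
    """True/False: endpoint completes a handshake pinned to one TLS version.
    None: the local OpenSSL build cannot offer that version at all."""
    try:
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE  # protocol support only, not trust
        # Recent OpenSSL refuses TLS 1.0/1.1 client-side at the default
        # security level, which would look like a server-side rejection.
        ctx.set_ciphers("DEFAULT:@SECLEVEL=0")
        ctx.minimum_version = version
        ctx.maximum_version = version
    except (ValueError, ssl.SSLError):
        return None
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return tls.version() is not None
    except OSError:  # covers ssl.SSLError, timeouts and refused connections
        return False

def audit(host, port, enabled):
    """Compare what an endpoint accepts with the protocol list given to -p."""
    findings = {}
    for name, version in VERSIONS.items():
        got = accepts(host, port, version)
        if got is None:
            findings[name] = "untestable from this client"
        elif got == (name in enabled):
            findings[name] = "ok"
        else:
            findings[name] = "still accepted" if got else "not accepted"
    return findings

if __name__ == "__main__":
    # Hypothetical endpoint; substitute a vCenter Server, PSC or ESXi address.
    for proto, state in audit("vcenter.example.test", 443, {"TLSv1.2"}).items():
        print(proto, state)
```

A `False` result also covers unreachable or filtered ports, so confirm the port is reachable before reading "not accepted" as a protocol rejection.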