You can use the TLS Configuration utility to enable or disable TLS versions on vCenter Server systems. As part of the process, you can disable TLS 1.0, and enable TLS 1.1 and TLS 1.2. Or, you can disable TLS 1.0 and TLS 1.1, and enable only TLS 1.2.

Prerequisites

Ensure that the hosts and services that the vCenter Server manages can communicate using a version of TLS that remains enabled. For products that communicate only using TLS 1.0, connectivity becomes unavailable.

Procedure

  1. Log in to the vCenter Server system with the user name and password for administrator@vsphere.local, or as another member of the vCenter Single Sign-On Administrators group who can run scripts.
  2. Go to the directory where the script is located.
    cd /usr/lib/vmware-TlsReconfigurator/VcTlsReconfigurator
  3. Run the command, depending on which version of TLS you want to use.
    • To disable TLS 1.0 and enable both TLS 1.1 and TLS 1.2, run the following command.
      directory_path/VcTlsReconfigurator> ./reconfigureVc update -p TLSv1.1 TLSv1.2
    • To disable TLS 1.0 and TLS 1.1, and enable only TLS 1.2, run the following command.
      directory_path/VcTlsReconfigurator> ./reconfigureVc update -p TLSv1.2
  4. If your environment includes other vCenter Server systems, repeat the process on each vCenter Server system.
  5. Repeat the configuration on each ESXi host.