Enable smart card authentication to prompt for smart card and PIN combination to log in to the ESXi DCUI.


  • Set up the infrastructure to handle smart card authentication, such as accounts in the Active Directory domain, smart card readers, and smart cards.
  • Configure ESXi to join an Active Directory domain that supports smart card authentication. For more information, see Using Active Directory to Manage ESXi Users.
  • Use the vSphere Client to add root certificates. See Certificate Management for ESXi Hosts.


  1. Browse to the host in the vSphere Client inventory.
  2. Click Configure.
  3. Under System, select Authentication Services.
    You see the current smart card authentication status and a list with imported certificates.
  4. In the Smart Card Authentication panel, click Edit.
  5. In the Edit Smart Card Authentication dialog box, select the Certificates page.
  6. Add trusted Certificate Authority (CA) certificates, for example, root and intermediary CA certificates.
    Certificates must be in PEM format.
  7. Open the Smart Card Authentication page, select the Enable Smart Card Authentication check box, and click OK.