You can configure vCenter Server to check the SSL certificates of hosts to which it connects. If you configure this setting, vCenter Server and the vSphere Client check for valid SSL certificates before connecting to a host for operations such as adding a host or making a remote console connection to a virtual machine.

vCenter Server 5.1 and vCenter Server 5.5 always connect to ESXi hosts using SSL thumbprint certificates. Starting with vCenter Server 6.0, the SSL certificates are signed by VMware Certificate Authority by default. You can instead use certificates from a third-party CA. Thumbprint mode is supported only for legacy hosts.


  1. In the vSphere Client, navigate to the vCenter Server instance.
  2. Select the Configure tab.
  3. Under Settings, select General.
  4. Click Edit.
  5. Select SSL settings.
  6. Determine the host thumbprint for each legacy host that requires validation.
    1. Log in to the direct console.
    2. Select View Support Information on the System Customization menu.
      The thumbprint is displayed in the column on the right.
  7. Compare the thumbprint you obtained from the host with the thumbprint listed in the vCenter Server SSL settings dialog box.
  8. If the thumbprints match, select the check box for the host.
    Hosts that are not selected will be disconnected after you click Save.
  9. Click Save.