Core identity services are part of every vCenter Server system. VMware Certificate Authority (VMCA) is part of every VMware core identity services group. Use the management CLIs and the vSphere Client to interact with these services.

VMware core identity services include several components.

Table 1. Core Identity Services
Service Description
VMware Directory Service (vmdir) Identity source that handles SAML certificate management for authentication with vCenter Single Sign-On.
VMware Certificate Authority (VMCA) Issues certificates for VMware solution users, machine certificates for machines on which services are running, and ESXi host certificates. VMCA can be used as is, or as an intermediary certificate authority.

VMCA issues certificates only to clients that can authenticate to vCenter Single Sign-On in the same domain.

VMware Authentication Framework Daemon (VMAFD) Includes the VMware Endpoint Certificate Store (VECS) and several other authentication services. VMware administrators interact with VECS. The other services are used internally.