Use VMware Certificate Authority (VMCA) to provision the ESXi hosts in your environment unless your corporate policy requires that you use custom certificates. To use custom certificates with a different root CA, edit the advanced vCenter Server setting, vpxd.certmgmt.mode. After the change, the hosts are no longer automatically provisioned with VMCA certificates when you refresh the certificates. You are responsible for the certificate management in your environment.

You can use the advanced vCenter Server settings to change to thumbprint mode or to custom CA mode. Use thumbprint mode only as a fallback option.

Procedure

  1. In the vSphere Client, select the vCenter Server system that manages the hosts.
  2. Click Configure, and under Settings, click Advanced Settings.
  3. Click Edit Settings.
  4. Click the Filter icon in the Name column, and in the Filter box, enter vpxd.certmgmt to display only certificate management parameters.
    Note: The available options are vmca, custom, and thumbprint.
  5. Change the value of vpxd.certmgmt.mode to custom if you intend to manage your own certificates, and to thumbprint if you temporarily want to use thumbprint mode, and click Save.