In vSphere 6.0 and later, hosts are assigned VMCA certificates by default. If you change the certificate mode to thumbprint, you can continue to use thumbprint mode for legacy hosts. You can verify the thumbprints in the vSphere Client.

Note: Certificates are preserved across upgrades by default.


  1. Browse to the vCenter Server in the vSphere Client inventory.
  2. Click Configure.
  3. Under Settings, click General.
  4. Click Edit.
  5. Click SSL settings.
  6. If any of your ESXi 5.5 or earlier hosts require manual validation, compare the thumbprints listed for the hosts to the thumbprints in the host console.
    To obtain the host thumbprint, use the Direct Console User Interface (DCUI).
    1. Log in to the direct console and press F2 to access the System Customization menu.
    2. Select View Support Information.
      The host thumbprint appears in the column on the right.
  7. If the thumbprint matches, select the Verify check box next to the host.
    Hosts that are not selected will be disconnected after you click OK.
  8. Click Save.
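
When many legacy hosts need manual validation, the comparison in steps 6 and 7 can be checked with a short script before you select any Verify check boxes. The following is an added example, not VMware code: the host names and thumbprints are constructed sample data, and it assumes thumbprints are hex digests of SHA-1 or SHA-256 length, copied from the SSL settings list and from each host's DCUI.

```python
import hmac
import re

# Hex-digit lengths of SHA-1 and SHA-256 digests (assumed thumbprint formats).
VALID_LENGTHS = {40, 64}


def normalize(thumbprint):
    """Strip separators and case so 'AB:CD', 'ab cd' and 'abcd' compare equal."""
    digits = re.sub(r"[\s:\-]", "", thumbprint).lower()
    if len(digits) not in VALID_LENGTHS or not re.fullmatch(r"[0-9a-f]+", digits):
        raise ValueError(f"not a certificate thumbprint: {thumbprint!r}")
    return digits


def review_hosts(vcenter_listed, dcui_recorded):
    """Return (verify, leave_unselected) host lists for the SSL settings dialog.

    A host goes in `verify` only when a DCUI reading exists and matches; a
    missing, malformed or differing reading leaves it unselected.
    """
    verify, leave_unselected = [], []
    for host, listed in sorted(vcenter_listed.items()):
        try:
            recorded = normalize(dcui_recorded[host])
            match = hmac.compare_digest(normalize(listed), recorded)
        except (KeyError, ValueError):
            match = False
        (verify if match else leave_unselected).append(host)
    return verify, leave_unselected


# Constructed sample data: hypothetical host names and made-up thumbprints.
VCENTER_LISTED = {
    "esx01.example.test": "01:23:45:67:89:AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23:45:67",
    "esx02.example.test": "FE:DC:BA:98:76:54:32:10:FE:DC:BA:98:76:54:32:10:FE:DC:BA:98",
    "esx03.example.test": "01:23:45:67:89:AB:CD:EF:FE:DC:BA:98:76:54:32:10:01:23:45:67",
}
DCUI_RECORDED = {
    "esx01.example.test": "0123456789abcdef0123456789abcdef01234567",  # matches
    "esx02.example.test": "fedcba9876543210fedcba9876543210fedcba99",  # last byte differs
    # esx03 has no DCUI reading yet, so it must not be marked verified.
}

if __name__ == "__main__":
    verify, leave_unselected = review_hosts(VCENTER_LISTED, DCUI_RECORDED)
    print("Select Verify for:", verify)
    print("Leave unselected and investigate:", leave_unselected)
```

Treat any host in the second list as unverified: investigate the mismatch or take the missing DCUI reading before you save.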