ESXi Certificate Management for VMware Cloud Foundation
If your organization has a policy to use certificates signed by an external certificate authority (CA), you must replace the default ESXi SSL certificates that are signed by the VMware Certificate Authority (VMCA).
SDDC Manager does not manage certificates for ESXi hosts. Instead, VMCA on vCenter Server provisions each new ESXi host with a signed certificate where VMCA is the root certificate authority by default. To comply with the policy of your organization, you manually replace the host’s certificate.
You can replace host certificates step by step by using the product user interface, or in an automated way by calling the cmdlets in the VMware.CloudFoundation.CertificateManagement module in the PowerShell Gallery. The cmdlets are code-based alternatives to certain UI-based procedures.
If you want to read the documentation, provide feedback, report an issue with automation, or contribute to the VMware.CloudFoundation.CertificateManagement module, go to the VMware.CloudFoundation.CertificateManagement open-source project on GitHub.
Content Scope
The ESXi certificate management guidance in this section covers the following scenarios:
- Replacing an ESXi host certificate signed by VMCA with a certificate signed by an external certificate authority in an already deployed SDDC workload domain.
- Replacing an ESXi host certificate signed by an external certificate authority with another certificate signed by an external certificate authority in an already deployed SDDC workload domain.
Prerequisites
To perform the configuration associated with ESXi certificate management, verify that your system fulfills the following prerequisites.
Category | Prerequisite |
---|---|
Environment | Verify that your VMware Cloud Foundation instance is healthy and fully operational. |
Infrastructure-as-code | To use the infrastructure-as-code method for managing ESXi host certificates, verify that your system fulfills the prerequisites described in the documentation of the VMware.CloudFoundation.CertificateManagement open-source project on GitHub. |