ESXi host's certificate cannot renew or refresh when vpxd.certmgmt.mode is not "vmca" or "custom"


Article ID: 312472


Updated On:

Products

VMware vCenter Server VMware vSphere ESXi

Issue/Introduction

Symptoms:

  • When you renew an ESXi host's certificate from vCenter Server, the certificate's expiration date is not updated. vCenter Server does not report an error either.
  • When you refresh an ESXi host's certificate from vCenter Server, no certificate is pushed to the ESXi host. vCenter Server does not report an error either.
  • vSphere HA cannot be configured because SSL handshake verification fails.



Environment

VMware vCenter Server 6.x

VMware vCenter Server 7.x

VMware vCenter Server 8.x

VMware vSphere ESXi 6.x

VMware vSphere ESXi 7.x

VMware vSphere ESXi 8.x

Cause

In vCenter Server's Advanced Settings, vpxd.certmgmt.mode is not "vmca".

Resolution

Check vpxd.certmgmt.mode in vCenter Server's Advanced Settings:
Change the ESXi Certificate Mode (vmware.com)

If vpxd.certmgmt.mode is "thumbprint", set vpxd.certmgmt.mode to "vmca" and then restart the vpxd service.
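
Because vCenter Server reports no error when the renew or refresh silently does nothing, the check below reads the mode and then lists each host's certificate issuer and expiration date so the result can be compared before and after the change. It is an added example, not part of the original article; it assumes VMware PowerCLI is installed and a session to vCenter Server is already open with Connect-VIServer, and the `$ApplyFix` switch and `$WarnDays` threshold are hypothetical names used only here.

```powershell
# Added example (not from the original article).
# Assumption: PowerCLI is loaded and Connect-VIServer has already been run.
$ApplyFix = $false   # hypothetical switch: set to $true to write "vmca"
$WarnDays = 30       # hypothetical threshold for flagging near-expiry certificates

$vc      = $global:DefaultVIServer
$setting = Get-AdvancedSetting -Entity $vc -Name 'vpxd.certmgmt.mode'
Write-Host "vpxd.certmgmt.mode on $($vc.Name): $($setting.Value)"

if ($setting.Value -eq 'thumbprint') {
    Write-Warning 'Mode is "thumbprint": renew/refresh will not push certificates to hosts.'
    if ($ApplyFix) {
        Set-AdvancedSetting -AdvancedSetting $setting -Value 'vmca' -Confirm:$false | Out-Null
        Write-Host 'Mode set to "vmca". Restart the vpxd service on vCenter Server before renewing.'
    }
}

# Report the certificate each connected host currently presents to vCenter Server.
# Run this before and after the renew: NotAfter must move forward if the renew worked.
Get-VMHost | Where-Object { $_.ConnectionState -ne 'NotResponding' } | ForEach-Object {
    $raw = $_.ExtensionData.Config.Certificate
    if (-not $raw) {
        # No certificate data returned for this host (for example, disconnected).
        return
    }
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new([byte[]]$raw)
    $days = [int]($cert.NotAfter - (Get-Date)).TotalDays
    [pscustomobject]@{
        Host       = $_.Name
        Issuer     = $cert.Issuer
        NotAfter   = $cert.NotAfter
        DaysLeft   = $days
        Thumbprint = $cert.Thumbprint
        Flag       = if ($days -lt 0) { 'EXPIRED' } elseif ($days -lt $WarnDays) { 'EXPIRING' } else { '' }
    }
} | Sort-Object DaysLeft | Format-Table -AutoSize
```

An unchanged NotAfter and Thumbprint after a renew, with no error shown in vCenter Server, matches the symptom described above.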

 

 

Additional Information