This Article provides information how to change the ssl certificates for the ESXi host along with change of the certificate mode.


When adding the ESXi host to the cluster we get the below error : 

• A general system error occurred: SSL Exception: Verification parameters: PeerThumbprint: 5F:0B:09:0F:07:2F:1F:FA:DF:43:3F:63:ED:EB:86:65:C8:5E:29:7C ExpectedThumbprint: ExpectedPeerName: x x..x.x
• The remote host certificate has these problems: * Host name does not match the subject name(s) in certificate. * self signed certificate in certificate chain

Checking the vpxd logs we see the below error : 

To resolve this issue, change the vpxd.certmgmt.mode to thumbprint mode instead of the custom mode 

Procedure

1. In the vSphere Client, select the vCenter Server system that manages the hosts.
2. Click Configure, and under Settings, click Advanced Settings.
3. Click Edit Settings.
4. Click the Filter icon in the Name column, and in the Filter box, enter vpxd.certmgmt to display only certificate management parameters.
5. Change the value of vpxd.certmgmt.mode to thumbprint and click Save.
6. Restart the vCenter Server service.

To regenerate new self-signed certificates for ESXi, see the Generating New Self-Signed Certificates for ESXi section in the vSphere Security guide.