The vulnerability scan report for ESXi host flags "Plugin ID 51192 SSL Certificate Cannot be Trusted"

Plugin 51192 will have an output similar to "The following certificate was at the top of the certificate chain sent by the remote host, but it is signed by an unknown certificate authority"

VMware vSphere ESXi

The Certificate Authority that signs the ESXI host certificate is unknown to the scan tools (Nessus, Qualys, or similar).

These scan results can be safely ignored and ask to prevent them in the future the environments security team can whitelist the ESXi IP/FQDN from their security scanner, provided that the ESXi host certificate is VMCA issued and valid.

If whitelisting the ESXI IP/FQDN is not preferred, please refer to either option below:

• Replace the host certificates with the custom ones (signed by their Enterprise CA / Public CA whom they trust).
  
  or
  
  
• Download the existing ESXi host certificate from the browser and import it to the scanning tool's certificate store.