SAN Field Shows Short Hostname Instead of FQDN for ESXi Host when CSR is generated through vCenter Server UI(vSphere Client)
search cancel

SAN Field Shows Short Hostname Instead of FQDN for ESXi Host when CSR is generated through vCenter Server UI(vSphere Client)

book

Article ID: 406630

calendar_today

Updated On:

Products

VMware vSphere ESXi VMware vCenter Server

Issue/Introduction

When generating a CSR for an ESXi Host through vCenter Server UI, the SAN field shows only the short hostname, not the FQDN.

Environment

VMware vCenter Server 8.0.3.x

Cause

If the Default TCP/IP Stack is missing the Domain field, the system fails to recognize FQDN properly during CSR generation.

Resolution

Steps to resolve to the issue:

  1. Verify Hostname

    • From DCUI, confirm the Hostname is set correctly.

  2. Update Domain name in TCP/IP Stack

    • Navigate to: Networking > TCP/IP Stacks > Default TCP/IP Stack.

    • If Domain name is missing:

      • Add the Domain name in TCP/IP Stack.

  3. Generate CSR in Custom Mode

    • Set vpxd.certmgmt.mode to custom in vCenter following Document: Change Certificate Mode

    • Generate CSR again.

    • SAN field should now contain the FQDN.

  4. Repeat this process for other impacted Hosts.

Note, If the above fails with error stating ESXi is domain joined then Leave the Active Directory Domain from the Authentication Services section and perform Step 2 and then  rejoin the AD domain and proceed with Step 3.

 

Additional Information

Note:

If the Certificate page is blank or options are missing, it confirms the Host was added when vpxd.certmgmt.mode was set to thumbprint. Follow the steps mentioned in KB before following resolution steps mentioned above: ESXi Host Certificate page shows blank in vCenter UI client

Always ensure vpxd.certmgmt.mode = vmca before adding Hosts to vCenter unless intentionally using custom CA  signed certs.

Powered by Wolken Software