After installing custom ESXi host certificates, certificates revert to VMCA-signed after reconnecting to vCenter

Article ID: 438658

Updated On:

Products

VMware vCenter Server, VMware vSphere ESXi

Issue/Introduction

  • Installing custom ESXi host certificates is successful.
  • When using vCert.py, the output states that the host certificates are installed, but after reconnecting the ESXi host to vCenter, the ESXi host certificate changes to a VMCA-signed certificate.

    vCert.py output

    Replace ESXi Certificate
    -----------------------------------------------------------------
    Publish CA signing certificates                                OK
    Replace ESXi certificate                                       OK
    Replace ESXi private key                                       OK
    Replace castore.pem                                            OK
 

Cause

The advanced vCenter setting for vpxd.certmgmt.mode is set to VMCA.

Resolution

  1. In the vSphere Client, select the vCenter system that manages the hosts.
  2. Click Configure, and under Settings, click Advanced Settings.
  3. Click Edit Settings.
  4. Click the Filter icon in the Name column, and in the Filter box, enter vpxd.certmgmt to display only certificate management parameters. Note: The available options are vmca, custom, and thumbprint.
  5. Change the value of vpxd.certmgmt.mode to custom if you intend to manage your own certificates, or to thumbprint if you want to use thumbprint mode temporarily, and then click Save.
  6. Install the custom ESXi host certificate and reconnect to vCenter.
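
A check to run after step 6, added here as an example (it is not VMware's code and not part of vCert.py): it compares the SHA-256 fingerprint of the custom certificate file you installed with the certificate the host actually presents on port 443 after the reconnect. The host name and file name in the usage comment are hypothetical, and the file is assumed to contain a single PEM certificate.

```python
import hashlib
import socket
import ssl
import sys


def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, colon-separated."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def fetch_served_cert(host: str, port: int = 443, timeout: float = 10.0) -> bytes:
    """Return the DER certificate the host presents on its HTTPS port.

    Chain validation is switched off on purpose: the certificate is only
    fetched for comparison with a trusted local copy, and no credentials
    or application data are sent.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def check_host(installed_pem: str, served_der: bytes) -> dict:
    """Compare the custom certificate you installed with what the host serves."""
    installed_der = ssl.PEM_cert_to_DER_cert(installed_pem.strip())
    result = {
        "installed": fingerprint(installed_der),
        "served": fingerprint(served_der),
    }
    # A mismatch after reconnecting is the symptom described above: the host
    # certificate was replaced (for example while vpxd.certmgmt.mode was vmca).
    result["replaced"] = result["installed"] != result["served"]
    return result


if __name__ == "__main__" and len(sys.argv) == 3:
    # Usage (hypothetical names): check_esxi_cert.py esx01.example.com rui.crt
    host, pem_path = sys.argv[1], sys.argv[2]
    with open(pem_path, encoding="ascii") as fh:
        report = check_host(fh.read(), fetch_served_cert(host))
    print(f"installed: {report['installed']}\nserved:    {report['served']}")
    sys.exit(1 if report["replaced"] else 0)
```

An exit status of 1 means the host is serving a different certificate than the one installed, so the certificate mode should be checked before installing again.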

Additional Information

TechDocs Change the ESXi Certificate Mode