
vSphere 7.0: Understanding certificates


All communication inside vSphere is protected by TLS, not SSL (the certificates are often still called "SSL certificates", but the protocol actually negotiated is TLS).

TLS provides secure communication between web browsers and servers. The connection is confidential because symmetric cryptography is used to encrypt the transmitted data; the symmetric keys are generated uniquely for each connection from a shared secret that both sides negotiate at the beginning of the session, in what is known as the TLS handshake.

TLS has four versions as listed below: 

For more information on TLS and its versions, refer to TLS.

Supported Certificates Authorities (CA):

For vCenter Server and related machines and services, the following CAs are supported:

VMware Certificate Authority (also known as VMCA):

Custom certificates: 

Requirements for Certificates:

Certificate requirements depend on whether you use VMCA as an intermediate CA or you use custom certificates. Requirements are also different for machine certificates.

Do refer to the VMware documentation for detailed requirements. I am not including them here, as this article would turn into a big chapter of some book 😅😅😅

vSphere Certificate management tools in vSphere 7.0: 

The following certificates are used in vSphere: 

ESXi Certificates:

Machine SSL Certificates:

Solution User Certificates: 

Internal Certificates:

vCenter SSO certificates are not stored in the VMware Endpoint Certificate Store (VECS) and are not managed with the certificate management tools. Generally, changes are not required, but in special situations you can replace these certificates.
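Before replacing any of the certificates described above (Machine SSL, solution user or ESXi), the practical first step is to inspect the certificate you already have and see how close it is to expiry. The script below is an added example and is not from this article or from VMware; it uses only the openssl command-line tool. Because it has to run offline, it builds a constructed self-signed certificate for the made-up host name vcenter.example.invalid as a stand-in; in practice you would point cert_summary and cert_status at a certificate you exported from VECS instead.

```shell
#!/bin/sh
# Added example (not from the article): inspect a PEM certificate the way you
# would inspect a vCenter Machine SSL certificate, and flag whether it expires
# within a given number of days. Only the openssl CLI is required.
set -eu

WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT

# Constructed stand-in: a self-signed certificate for a hypothetical host,
# valid for the number of days given as $1. Prints the path of the PEM file.
# A real check would use a certificate exported from VECS instead.
make_sample_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 \
    -keyout "$WORK/sample.key" -out "$WORK/sample.pem" \
    -subj "/CN=vcenter.example.invalid" -days "$1" >/dev/null 2>&1
  printf '%s\n' "$WORK/sample.pem"
}

# Print subject, issuer and validity window of the PEM certificate in $1.
cert_summary() {
  openssl x509 -in "$1" -noout -subject -issuer -startdate -enddate
}

# Echo "OK" if the certificate in $1 is still valid $2 days from now,
# "EXPIRING" otherwise. openssl's -checkend exits non-zero when the
# certificate would be expired after the given number of seconds.
cert_status() {
  secs=$(( $2 * 86400 ))
  if openssl x509 -in "$1" -noout -checkend "$secs" >/dev/null; then
    echo OK
  else
    echo EXPIRING
  fi
}

# Usage: build the constructed certificate, print its details and check
# whether it is still good 30 days from now.
CERT="$(make_sample_cert 365)"
cert_summary "$CERT"
cert_status "$CERT" 30
```

The 30-day threshold in the usage call is an arbitrary value chosen for the example; pick whatever lead time your certificate-replacement process needs. Running the same check on every certificate you export from VECS, on a schedule, is a cheap way to avoid the outage that an expired Machine SSL certificate causes.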

VMware Endpoint Certificate Store (VECS):

VECS Stores:

VECS includes the following stores.
