You can configure vCenter Server to check the SSL certificates of hosts to which it connects. If you select this option, vCenter Server, the vSphere Client, and Web Access clients check for valid SSL certificates before connecting to a host for such operations as adding a host or making a remote console connection to a virtual machine.

Required privilege: Global.Settings

To configure statistics settings, the vSphere Client must be connected to a vCenter Server system.

1

If necessary, select Administration > vCenter Server Settings to display the vCenter Server Settings dialog box.

2

If the vCenter Server system is part of a connected group, select the server you want to configure from the Current vCenter Server drop-down menu.

3

In Current vCenter Server, select the appropriate server.

4

In the settings list, select SSL Settings.

5

Select vCenter requires verified host certificates.

If there are hosts that require manual validation, these hosts appear in the host list at the bottom of the dialog box.

6

Determine the host thumbprint for each host that requires validation.

For ESX hosts, log into the service console and type openssl x509 -in /etc/vmware/ssl/rui.crt -fingerprint -sha1 -noout.

For ESXi hosts, log into the direct console and select View Support Information on the System Customization menu. The thumbprint is displayed in the column on the right.

7

Compare the thumbprint you obtained from the host with the thumbprint listed in the vCenter Server Settings dialog box.

8

If the thumbprints match, select the check box for the host.

Hosts that are not selected will be disconnected after you click OK.

9

Click OK.