Communications between client components and a vCenter Server system or ESXi hosts are protected by SSL-based encryption by default. Linux versions of these components do not perform certificate validation. Consider restricting the use of these clients.

Even if you have replaced the VMCA-signed certificates on the vCenter Server system and the ESXi hosts with certificates that are signed by a third-party CA, certain communications with Linux clients are still vulnerable to man-in-the-middle attacks. The following components are vulnerable when they run on the Linux operating system:

vCLI commands

vSphere SDK for Perl scripts

Programs written using the vSphere Web Services SDK

You can relax the restriction against using Linux clients if you enforce proper controls.

Restrict management network access to authorized systems only.

Use firewalls to ensure that only authorized hosts are allowed to access vCenter Server.

Use jump-box systems to ensure that Linux clients are behind the jump.
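One way to check that the network controls listed above actually hold, as an added example that is not part of the original documentation: the script scans firewall log lines for connections that reached vCenter Server from sources outside an allow-list of management systems and jump boxes. The addresses, the port and the log layout (netfilter LOG-style key=value fields, logged for accepted connections) are assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumed values for illustration only; none of them come from the original page.
VCENTER_IP = ipaddress.ip_address("192.0.2.10")
VCENTER_PORTS = {443}
AUTHORIZED_SOURCES = [
    ipaddress.ip_network("198.51.100.0/28"),   # management workstations
    ipaddress.ip_network("198.51.100.40/32"),  # jump box fronting the Linux clients
]

FIELD_RE = re.compile(r"\b(SRC|DST|DPT)=(\S+)")

# Constructed sample lines in the key=value style of netfilter LOG output.
SAMPLE_LOG = """\
kernel: IN=eth0 OUT=eth1 SRC=198.51.100.40 DST=192.0.2.10 PROTO=TCP SPT=50112 DPT=443
kernel: IN=eth0 OUT=eth1 SRC=203.0.113.77 DST=192.0.2.10 PROTO=TCP SPT=41822 DPT=443
kernel: IN=eth0 OUT=eth1 SRC=198.51.100.5 DST=192.0.2.10 PROTO=TCP SPT=50900 DPT=443
kernel: IN=eth0 OUT=eth1 SRC=203.0.113.77 DST=192.0.2.10 PROTO=TCP SPT=41830 DPT=443
kernel: IN=eth0 OUT=eth1 SRC=203.0.113.9 DST=192.0.2.25 PROTO=TCP SPT=40000 DPT=443
kernel: IN=eth0 OUT=eth1 SRC=not-an-ip DST=192.0.2.10 PROTO=TCP SPT=1 DPT=443
"""

def unauthorized_sources(log_text):
    """Return (Counter of off-list sources that reached vCenter, unparsable line count)."""
    hits = Counter()
    skipped = 0
    for line in log_text.splitlines():
        fields = dict(FIELD_RE.findall(line))
        try:
            src = ipaddress.ip_address(fields["SRC"])
            dst = ipaddress.ip_address(fields["DST"])
            port = int(fields["DPT"])
        except (KeyError, ValueError):
            skipped += 1  # malformed line: count it instead of silently dropping it
            continue
        if dst != VCENTER_IP or port not in VCENTER_PORTS:
            continue  # traffic to some other host or service
        if not any(src in net for net in AUTHORIZED_SOURCES):
            hits[str(src)] += 1
    return hits, skipped

if __name__ == "__main__":
    hits, skipped = unauthorized_sources(SAMPLE_LOG)
    for src, count in hits.most_common():
        print(f"unauthorized source {src}: {count} connection(s) to vCenter")
    print(f"{skipped} line(s) could not be parsed")
```

Any source the script reports indicates a gap in the firewall or jump-box rules, which matters here because the Linux clients themselves cannot detect an interposed endpoint.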