Which two statements are correct regarding vSphere certificates?

(Choose two.)
A. ESXi host upgrades do not preserve the SSL certificate and reissue one from the VMware Certificate Authority (VMCA).
B. ESXi host upgrades preserve the existing SSL certificate.
C. ESXi hosts have assigned SSL certificates from the VMware Certificate Authority (VMCA) during install.
D. ESXi hosts have self-signed SSL certificates by default.
Answer: B,C
Explanation:
Of course, ESXi host upgrades preserve the existing SSL certificate, and ESXi hosts are also assigned SSL certificates from the VMCA during the installation process.

Comments 4

  • But isn’t that bullshit? There is no connection to vCenter server (and so the VMCA) during ESXi host installation. The completely installed ESXi host has first to be connected to vCenter from vSphere (web) Client later. So where should the certificate come from?

    My shot would be B and D.

  • Regarding “C”:
    How should the hosts have assigned SSL certificates by the VMCA during install? They are not connected to a vCenter Server which the VMCA is a component of.

    “B” and “D” are technically correct: Installation of ESXi does create a self-signed certificate and certificates are preserved during upgrades.

  • C is wrong. The VMCA certificate is issued to a host when the host is added to the vCenter server. Even then, if the host has a custom certificate, the VMCA will not replace it with a new VMCA issued certificate. C is bullshit.

    Even B is sketchy. Certificates are preserved only if they are custom. If it’s self-signed, then the VMCA will replace it.

  • I fully agree, it is not the first question which is unclear or incomplete. The correct statements are: B, C in case the host is added to “an existing vCenter” and D in case of a standalone host install.
