VMworld 2019: Managing vSphere Certificates

Notes: Although the notes from the session are not lengthy, the impact of this announcement cannot be overstated. VMware has finally brought to the table simplified VCSA (and later ESXi) certificate management. I can't wait for the future betas to try out these new features.

New APIs for Cert management 

Intuitive UI to manage certs

Reduce total number of certs - Machine SSL certificate. No more solution user certificates.

Address known cert issues

Certificate API story: REST API with PowerShell coming

Currently the VCSA is in scope for this simplification, with ESXi hosts coming later.

vSphere Identity Federation

Federated authentication: AuthN, AuthZ

Major Identity Providers: Microsoft AD, AAD, Ping, Okta, vIDM


Local accounts: For bootstrap and failsafe scenarios

Very long term goal: Total removal of passwords for authentication. But that will be a long road and passwords will be supported for at least the next two major vSphere versions.

vCenter will NOT see your credentials. vSphere client will redirect you to the enterprise authentication portal.
