VMware Cloud Community
hoon0715
Contributor

What are vCenter certificates used for?

First of all, happy new year, everyone!! :)

I have a question from the new year.

What are the Machine_SSL, STS, and ROOT CA certificates that can be seen in the vCenter Web UI used for?

What happens when they expire or are missing?

I want to make sure I know exactly what these certificates do!

0 Kudos
2 Replies
Kinnison
Commander

Hello,


Trying to make it very simple (even too simple): they essentially exist because, within a vSphere infrastructure, communications between and with the various software components that compose it are made secure using "certificates". Keeping it simple, when a certificate expires, i.e. it is no longer valid, communications are rejected and things start to no longer work as they should.


A good reference that might answer your question can be found here:
https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-authentication/GUID-3AF7757E-A30E-4EEC-8A41-28...


Regards,
Ferdinando

0 Kudos
navina
Enthusiast

What are the Machine_SSL, STS, and ROOT CA certificates that can be seen in the vCenter Web UI used for?

Machine_SSL - Works on port 443. When you open the UI of vCenter, it uses the Machine_SSL cert
STS - Secure Token Service, used to sign the internal tokens for authentication
Root CA - Certificate Authority, which is the signing cert / root cert

What happens when they expire or are missing?

The services would fail and would not be able to access the server.

Regards,
Navin A
0 Kudos
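
Added example, not part of the thread and not VMware tooling: a Python check that connects to the Machine_SSL endpoint on port 443 while trusting only the root CA, so an expired certificate is reported as a rejected handshake, and otherwise classifies the remaining lifetime. The host name, the root CA file path and the 30-day threshold are assumptions; the notAfter strings in the demo are constructed.

```python
import socket
import ssl
from datetime import datetime, timezone

WARN_DAYS = 30  # assumed alert threshold, not a VMware default


def days_left(not_after, now):
    """Whole days until notAfter (string format returned by getpeercert())."""
    expiry = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), timezone.utc)
    return (expiry - now).days


def classify(not_after, now, warn_days=WARN_DAYS):
    """Return EXPIRED, EXPIRING (inside the warning window) or OK."""
    remaining = days_left(not_after, now)
    if remaining < 0:
        return "EXPIRED"
    return "EXPIRING" if remaining <= warn_days else "OK"


def check_machine_ssl(host, root_ca_file, port=443, timeout=5.0):
    """Handshake the way a client does: trust only the given root CA file."""
    # Passing cafile means the system trust store is not loaded, so the
    # Machine_SSL certificate must chain to this root to be accepted.
    ctx = ssl.create_default_context(cafile=root_ca_file)
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                not_after = tls.getpeercert()["notAfter"]
    except ssl.SSLCertVerificationError as exc:
        # Expired or untrusted certificate: the connection is refused here.
        return "REJECTED: " + exc.verify_message
    return classify(not_after, datetime.now(timezone.utc))


if __name__ == "__main__":
    # Constructed notAfter values, evaluated against a fixed reference date.
    ref = datetime(2025, 1, 1, tzinfo=timezone.utc)
    for sample in ("Dec 31 23:59:59 2024 GMT",
                   "Jan 15 12:00:00 2025 GMT",
                   "Jan 01 00:00:00 2027 GMT"):
        print(sample, "->", classify(sample, ref))
    # Live check (hypothetical host and CA path):
    # print(check_machine_ssl("vcenter.example.com", "vmca-root.pem"))
```

The STS signing certificate is not presented in the port 443 handshake, so this check covers the Machine_SSL certificate and its chain to the root CA only.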