Home » VMware » 2V0-621 v.2 » Which two statements are correct regarding vSphere certificates?
Which two statements are correct regarding vSphere certificates? (Choose two.)
A. ESXi host upgrades do not preserve the SSL certificate and reissue one from the VMware Certificate Authority (VMCA).
B. ESXi host upgrades preserve the existing SSL certificate.
C. ESXi hosts have assigned SSL certificates from the VMware Certificate Authority (VMCA) during install.
D. ESXi hosts have self-signed SSL certificates by default.
Correct Answer: BC
Explanation/Reference:
Explanation:
B-) ESXi hosts that are upgraded from vSphere 5.x to vSphere 6.0 will continue using their Certificate Authority signed certificates if they were replaced in the previous versions. However, ESXi 5.x hosts that were running self-signed certificates and then upgraded to vSphere 6.0 will have their certificates regenerated using VMware-signed.
Fo rmore info link:
https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2113926
C-) In vSphere 6.0, VMware tried to address SSL certificates in a different manner. It introduced a new component called the "Platform Services Controller." The Platform Services Controller includes a fully-functional certificate authority, called the VMware Certification Authority (VMCA), that automatically manages the certificates used in vCenter and the ESXi hosts.
There are two steps to complete. First, you need to retrieve the root certificate from vCenter and convert it into something usable. Once you’ve done that, you need to deploy it as a Trusted Root Certificate. The easiest way to do this with multiple computers is to use Group Policy. Here are the steps to retrieve the certificate:
1.Open your Web browser.
2.Navigate to https://<fqdn of vcenter>
3. In the lower right-hand corner, click the Download Trusted Root CA link.—— for more:
https://pubs.vmware.com/vsphere-60/index.jsp#com.vmware.vsphere.security.doc/GUID-C91AFFAD-A830-4BBE-BF7C-F779A3AD03F1.html?resultof= %2522%2573%2573%256c%2522%2520
