vSphere 6.x Certificates – Just because you can, doesn’t mean you should.

As I work closely with VMware Support, it’s clear that issues and confusion around vSphere 6.x certificates are still very much a pain-point for customers.

I’ve spoken a bit about this topic in the past (but have been meaning to get back to it). You can see my previous posts below: (Note: even though they say 6.0 they are applicable for 6.5 too)

What I want to achieve by this post is to hopefully dispel some of the confusion. First, repeat the title of this post to yourself – “Just because you can, doesn’t mean you should.

Just because you can replace any and all certificates in a vSphere environment, doesn’t mean necessarily should.

The only question you need to be able to answer is – “What problem am I trying to solve?


Long story short, for the majority of use cases, replacing the Machine SSL certificate on each vCenter / PSC should be sufficient. Keep reading for more information.

Continue reading “vSphere 6.x Certificates – Just because you can, doesn’t mean you should.”