VMware products use standard X.509 version 3 (X.509v3) certificates to authenticate components and to establish encrypted Secure Sockets Layer (SSL) connections between them. The certificate itself does not encrypt the session data: it binds the component's identity to a public key, and the SSL handshake uses that key to negotiate the session keys that encrypt the traffic.
For example, communications between a vCenter Server system and each ESXi host that it manages are encrypted. During the SSL handshake, before any application data is exchanged, the client verifies the authenticity of the certificate that the server presents; rejecting a certificate that does not chain to a trusted authority or does not match the host name is what protects against man-in-the-middle attacks, so that protection only holds where the client is configured to refuse untrusted certificates rather than accept them silently.
The vSphere environment requires certificates in several places:
- STS certificate – Used by the vCenter Single Sign-On Security Token Service to sign the SAML tokens it issues, so that relying solutions can verify a token was not forged or altered
- SSO certificates – Used by solutions to register themselves with vCenter Single Sign-On
- SSL certificates – Used for secure communication between clients and the vCenter Server system and the vSphere Web Client
- Host certificates – Used for communication between vCenter Server systems and the ESXi hosts they manage
Each vCenter Server system component, shown in the following list, must have a unique certificate.
- vCenter Inventory Service
- vCenter Single Sign-On
- vCenter Update Manager
- vCenter Orchestrator
- vCenter Server
- vSphere Web Client
- vCenter Log Browser
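The two checks described above, that a client must validate the certificate presented during the handshake and that each component must present its own certificate, can be exercised with a small audit script. The following is an added example and is not VMware code; the component names come from the list above, while the hostnames, ports, CA bundle path and the SAMPLE_CERT dictionary are constructed placeholders that must be replaced with values from a real environment.

```python
"""Audit the certificates that vSphere components present over SSL/TLS.

Added example, not VMware code.  ENDPOINTS, the CA bundle path and
SAMPLE_CERT are constructed for illustration.
"""
import hashlib
import socket
import ssl
import time

# Assumed inventory: component -> (host, port).  Placeholder hosts, not real ones.
ENDPOINTS = {
    "vCenter Server": ("vcenter.example.local", 443),
    "vCenter Single Sign-On": ("vcenter.example.local", 7444),
    "vCenter Inventory Service": ("vcenter.example.local", 10443),
    "ESXi host esxi01": ("esxi01.example.local", 443),
}

# Constructed peer certificate in the shape ssl.SSLSocket.getpeercert() returns.
SAMPLE_CERT = {
    "subject": ((("commonName", "vcenter.example.local"),),),
    "subjectAltName": (("DNS", "vcenter.example.local"), ("DNS", "*.example.local")),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Jan  1 00:00:00 2026 GMT",
}


def verifying_context(ca_file=None):
    """Client context that enforces the handshake check: the peer must present a
    certificate chaining to a trusted CA (ca_file, or the system store when None)
    whose name matches the host we dialled.  Anything else aborts the handshake."""
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def insecure_context():
    """The weak configuration, shown for contrast: any certificate is accepted,
    so whoever intercepts the connection can present their own key."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False   # must be cleared before verify_mode can be CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def cert_names(cert):
    """DNS names the certificate is valid for: subjectAltName entries, falling
    back to the subject CN only when there is no SAN at all."""
    names = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not names:
        names = [value for rdn in cert.get("subject", ())
                 for key, value in rdn if key == "commonName"]
    return names


def matches_host(cert, host):
    """Case-insensitive host name check; a wildcard matches one label only."""
    host = host.lower()
    for name in cert_names(cert):
        name = name.lower()
        if name.startswith("*."):
            if host.count(".") == name.count(".") and host.endswith(name[1:]):
                return True
        elif name == host:
            return True
    return False


def days_remaining(cert, now=None):
    """Days until notAfter; negative once the certificate has expired."""
    now = time.time() if now is None else now
    return (ssl.cert_time_to_seconds(cert["notAfter"]) - now) / 86400


def fingerprint(der_bytes):
    """SHA-256 fingerprint of the DER-encoded certificate."""
    return hashlib.sha256(der_bytes).hexdigest()


def shared_certificates(fingerprints):
    """Given component -> fingerprint, return fingerprints presented by more than
    one component; the text requires every component to have its own."""
    owners = {}
    for component, fp in fingerprints.items():
        owners.setdefault(fp, []).append(component)
    return {fp: comps for fp, comps in owners.items() if len(comps) > 1}


def fetch_cert(host, port, ctx, timeout=5.0):
    """Handshake with the endpoint and return (parsed cert, DER bytes).
    Raises ssl.SSLCertVerificationError when the chain or name check fails."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(), tls.getpeercert(binary_form=True)


def audit(endpoints, ca_file=None):
    """Connect to every component with a verifying context and report findings."""
    ctx = verifying_context(ca_file)
    fingerprints = {}
    for component, (host, port) in endpoints.items():
        try:
            cert, der = fetch_cert(host, port, ctx)
        except ssl.SSLCertVerificationError as exc:
            print(f"{component}: REJECTED, {exc.verify_message}")
            continue
        except OSError as exc:
            print(f"{component}: unreachable, {exc}")
            continue
        fingerprints[component] = fingerprint(der)
        print(f"{component}: {fingerprints[component][:16]}... expires in "
              f"{days_remaining(cert):.0f} days, name ok={matches_host(cert, host)}")
    for fp, comps in shared_certificates(fingerprints).items():
        print(f"certificate {fp[:16]}... is shared by: {', '.join(comps)}")


if __name__ == "__main__":
    audit(ENDPOINTS, ca_file="/etc/ssl/certs/vsphere-ca.pem")  # assumed bundle path
```

Run it against the real inventory with the CA bundle that issued the component certificates; a component whose handshake is rejected is one that a properly configured client would refuse to talk to, and any fingerprint listed as shared marks components that are reusing a certificate instead of holding their own.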