We plan to replace our current PKI infrastructure. We have ESXi 5.5 hosts that use certificates issued by our internal CA. The certificates are valid for several more years.
So the question is: does anyone know if the ESXi host at any time queries the CA that issued its certificate? If it does, what happens when it cannot reach that CA (as it has been removed)?
Read this KB to learn how you should generate a new certificate for ESXi from a CA: Configuring CA signed certificates for ESXi 5.x hosts (2015499) | VMware KB
Thanks for your reply. I'm familiar with generating certificates, but experienced a lot of problems last time we changed them. So, if possible, I would like to keep the current certificates, as they are valid for a long time. I still need to know if the vSphere PKI infrastructure will be functional when the CA is removed.