I'm moving our 5.0 U1 env to MS CA generated certs rather than self-signed and am just looking at certificate revocation. Our internal Microsoft CA only publishes the CRL to AD and the ESXi hosts I'm initially dealing with do join the domain. I'm just checking revocation of a certificate works. I have revoked the cert on the CA and re-published a full CRL.
It may be a timing thing but ESXi seems to be working quite happily. I have put it in Maint mode and rebooted a couple of times, without issue.
I take it ESXi does support certificate revocation?
I can find some hits regarding VMware View and cert revocation but nothing really on ESXi?
Has anyone done this? I was expecting the host to go disconnected, is that what is supposed to happen?
I have asked VMware to provide some input on this question. I know revocation lists should work but I am not sure of the result.
Edward L. Haletky
VMware Communities User Moderator, VMware vExpert 2009, 2010, 2011, 2012, 2013
Author of the books 'VMWare ESX and ESXi in the Enterprise: Planning Deployment Virtualization Servers', Copyright 2011 Pearson Education. 'VMware vSphere and Virtual Infrastructure Security: Securing the Virtual Environment', Copyright 2009 Pearson Education.
Virtualization and Cloud Security Analyst: The Virtualization Practice, LLC -- vSphere Upgrade Saga -- Virtualization Security Round Table Podcast