Does anyone have specific vmware documents stating what happens IF we don't replace the default certificates for the vCenter 5.1 SSO, Inventory, Web Client etc....services?
I found this below on page 19 of https://www.vmware.com/files/pdf/products/vCenter/VMware-vCenter-Server-Single-Sign-On.pdf
Updating Certificates
When installing vCenter Single Sign-On, each component that registers with it—including
vCenter Single Sign-On itself—uses SSL to communicate between components and registered solutions.
By default, the SSL certificates are autogenerated by VMware during the installation and upgrade process
and are sufficient for the operational security for most VMware customers.
Some customers prefer to use their own self-signed or purchased SSL certificates. A tool has been developed to
assist with the insertion of these certificates after vCenter Server installation. Due to the additional knowledge
required to create and install self-signed certificates, we recommend reviewing the following VMware knowledge
base articles:
“Deploying and using the SSL Certificate Automation Tool”
(VMware knowledge base article 2041600)
“Generating certificates for use with the VMware SSL Certificate Automation Tool”
(VMware knowledge base article 2044696)
In 10 years your vCenter won't start anymore (due to certificate expiration).
Your users will see pesky SSL certificate warnings when connecting to components.
Apart from that all traffic is still secured and encrypted even with default certificates, you simply don't have a chain of trust for them.
In 10 years your vCenter won't start anymore (due to certificate expiration).
Your users will see pesky SSL certificate warnings when connecting to components.
Apart from that all traffic is still secured and encrypted even with default certificates, you simply don't have a chain of trust for them.