Security design with the VMware Certificate Authority

Using digital certificates can give users confidence that the vSphere components with which they're communicating are trusted. With the introduction of the Platform Services Controller (PSC) in vSphere 6.0, VMware included an embedded certificate authority to manage certificates in a vSphere environment called the VMware Certificate Authority (VMCA).

This section will discuss how an architect can use the VMCA to design a secure and trusted vSphere environment. By default, the VMCA creates and issues self-signed certificates. Being self-signed, they're not trusted, because they're not issued by a trusted Certificate Authority (CA). A secure design should include trusted certificates.