So have you ever been through the process of replacing your vCenter and ESXi host default certificates? It’s not something to look forward to in my opinion. Whether this is really necessary or not is beyond the scope of this post. But please don’t replace the certificates just because you can.
So make that assessment for yourself. Just because you have the option doesn’t mean you have to do it. It is definitely more secure, but then again the most secure network is the one with no users. Understand what it takes to manage the replacement certs: what does it mean for future hosts that need to be added, how will these certs be renewed, and is there a compliance requirement that calls for CA-signed or self-signed certs? All of these are good questions to ask when assessing whether this is the route you want to take. Also, this is not something new with 5.x; the ability to replace certificates has existed for a long time.
This morning, I came across Duncan’s post where he compiled a list of very helpful links to those painful processes. Again, the process may not be as painful to some. It really depends on the size of the environment, which could make this process either a few-minute thing or a project within a project. While I was going through the KB articles, I remembered an awesome product I saw around the VMworld SF 2012 time. vCert Manager was by far the simplest way I have seen to manage certificates for vSphere. I don’t recall sharing this information earlier so I figured now would be a good time to do so. Below is an introductory video of what the tool is capable of doing. It is expected to be released later this year.