ESXi Certificates in vSphere 6

Starting from vSphere 6.0, VMCA (VMware Certificate Authority) provisions each new ESXi host with certificates when they are added to the vCenter Server system.1.png

In contrast to vCenter Server Certificates, ESXi certificates are not stored in VECS (VMware Endpoint Certificate Store). Instead they are stored locally on each host in /etc/vmware/ssl


An upgrade to ESXi 6.0 replaces existing thumbprint certificates with VMCA signed certificates, custom certificates are retained. However if you select renew certificates in vSphere web client, VMCA pushes a fresh VMCA signed certificate to the host and overwrites any existing certificate even a custom certificate.2.png

To prevent overwriting custom certificate, you can change the certificate mode from vSphere Web Client. There can be three kind of certificate mode in vSphere 6.0:

  • Thumbprint mode: To accommodate any legacy host
  • VMCA Mode: Which uses VMCA as a root CA
  • Custom Mode: To use only third party certificate


To set certificate mode in vSphere web client, go to vCenter Server – Manage – Settings – Advance Settings – click edit3.png

In the filter box, enter “certm” to display only certificate management keys.4.png


Change the value of “vpxd.certmgmtmode” to custom, if you intend to manage you own certificate and thumbprint if you want to use thumbprint mode and click OK.

Restart the vCenter server service. The mode always apply to all the host managed by vCenter server system that uses that mode.

What’s new in VMware Licensing (Q1,2016 Update)

vSphere & vSphere With Operation Management (vSOM) 2016 packaging changes:


As you can see vSphere Enterprise , vSOM Standard & vSOM Enterprise are no longer available , effective from June 30 , 2016 these licneses will not be available to buy.

vCenter Server Packaging changes:

vCenter Server standard now will come with 25 OSIs of vRealize Log Insight for vCenter Server by default. There will be no change to the vCenter server foundation although.

Upgrade Options available for customers:

  • existing vSphere Enterprise customer can upgrade to vSphere Enterprise plus at a 50% discount between Feb 10,2016 and June 25,2016
  • existing vSphere with operations management Enterprise customer can upgrade to vSphere with operation management Enterprise plus at a 50% discount between Feb 10,2016 and June 25,2016

vRealize Suite ( vRS ) and vCloud (vCS) licensing Changes :


Application monitoring is one of the features in vRealize operations enterprise edition. It is included in vRealize suite enterprise edition and available as an add-on capability for vRealize suite standard and advanced.

vCloud suite aligned to vRealize suite . Available as a convenience bundle with vSphere.


VMware also introduced a new portable licensing for vRealize which protects a customer investment in VMware. With the new portable licensing customer can switch between private and public cloud or between vSphere and non vSphere hosts.4.png

Portable licensing restricted to vRS only (including vRS in vCS) . It does not apply to vSphere , vSOM and standalone management products.