UCF STIG Viewer Logo

Default self-signed certificates must not be used by the vCenter Server.


Finding ID Version Rule ID IA Controls Severity
VCENTER-000032 VCENTER-000032 VCENTER-000032_rule Medium
Self-signed certificates, automatically generated by vCenter Server during the installation process, are not signed by a commercial CA, and might not provide strong security. Default self-signed certificates must be replaced with those from a trusted certification authority.
VMware vCenter Server Security Technical Implementation Guide 2013-01-15


Check Text ( C-VCENTER-000032_chk )
Ask the SA if self-signed certificates on the vCenter Server have been changed to certificates from a trusted certification authority.
Alternatively, use the vSphere Client from a remote system to log into the vCenter Server. If a certificate warning dialog box appears, a valid certificate from a trusted certification authority is not used, and this is a finding.
Fix Text (F-VCENTER-000032_fix)
Replace default self-signed certificates with those from a trusted certification authority, either a commercial CA or an organizational CA.