How can the certificate be renewed?

An ESXi host’s VMCA-Signed certificate has expired. How can the certificate be renewed?

A.
In the vSphere Web Client, browse to the host in question. Click the Manage tab and select settings. Select System and click Certificate, then click the Renew button.

B.
In the vSphere Web Client, browse to the host in question. Click the Manage tab and select settings. Select System and click Certificate, then click the Refresh CA Certificates button.

C.
Run the command /sbin/generate-certificates on the affected host.

D.
Disconnect the host from vCenter Server and reconnect it.

Explanation:
http://pubs.vmware.com/vsphere-60/index.jsp#com.vmware.vsphere.security.doc/GUID-ECFD1A29-0534-4118-B762-967A113D5CAA.html





vcsp

Correct answer is A,

https://docs.vmware.com/en/VMware-vSphere/6.0/com.vmware.vsphere.security.doc/GUID-ECFD1A29-0534-4118-B762-967A113D5CAA.html

Since the explanation clearly states as follows;

Renew or Refresh ESXi Certificates

If VMCA assigns certificates to your ESXi hosts (6.0 and later), you can renew those certificates from the vSphere Web Client. You can also refresh all certificates from the TRUSTED_ROOTS store associated with vCenter Server.

About this task
You can renew your certificates when they are about to expire, or if you want to provision the host with a new certificate for other reasons. If the certificate is already expired, you must disconnect the host and reconnect it.

By default, vCenter Server renews the certificates of a host with status Expired, Expiring immediately, or Expiring each time the host is added to the inventory, or reconnected.

Procedure
1. Browse to the host in the vSphere Web Client inventory.
2. Click the Manage tab and click Settings.
3. Select System, and click Certificate.
   You can view detailed information about the selected host’s certificate.
4. Click Renew or Refresh CA Certificates.
   Option: Description
   Renew: Retrieves a fresh signed certificate for the host from VMCA.
   Refresh CA Certificates: Pushes all certificates in the TRUSTED_ROOTS store in the vCenter Server VECS store to the host.
5. Click Yes to confirm.

AjaS

A – OK
This description is for 6.0; in 6.5 it is:
ESXi -> Configure -> System -> Certificate

cooldownearth

Sorry guys, it’s D

https://docs.vmware.com/en/VMware-vSphere/6.5/com.vmware.vsphere.security.doc/GUID-ECFD1A29-0534-4118-B762-967A113D5CAA.html

You can renew your certificates when they are about to expire, or if you want to provision the host with a new certificate for other reasons.
===
If the certificate is already expired, you must disconnect the host and reconnect it.
===
By default, vCenter Server renews the certificates of a host with status Expired, Expiring immediately, or Expiring each time the host is added to the inventory, or reconnected.

k

D. If the certificate is already expired, you must disconnect the host and reconnect it.

BJ

D

Agree with the previous 2 comments.

Ema

D, is already expired.

J.O.

Agree! EXPIRED!

SPFC

If it wasn’t expired, A would be correct. As noted by some of the people above, since the certificate has already expired, the host must be reconnected. Answer is D

joo

Reconnecting the host doesn’t automatically renew or refresh the cert.

infojami

D.

If the certificate is already expired, you must disconnect the host and reconnect it.

By default, vCenter Server renews the certificates of a host with status Expired, Expiring immediately, or Expiring each time the host is added to the inventory, or reconnected.

Which means, when you disconnect a host, vCenter Server expires the cert associated to it immediately; then when you re-add it back, vCenter Server assigns it a new cert.

VJ

Today I failed the VCP 6.5, none of the above questions came. All questions were changed.

Dave

I passed with a 485/500. Enjoy this VCE I built, guys:

https://drive.google.com/file/d/1lpCUr5e0aejxQKwQLBFDqh9j5kcW8eNP/view

115q (113 from this forum + 2 others I found). All answers are correct based on answers on this forum. Still study more! There were 10 new questions out of the 70 q in test.

roven

Hi Dave,
Can you grant me the access to google drive?
Thx,
roven

deepbeat

Hi Dave,
Can you grant me the access to google drive?
Thx,
deep

nailedIT

Thanks Dave

RSMCT2011

Got 7 new questions below,

1. default vCenter admin
[email protected]

2. vCenter HA network latency between Active, Passive, and Witness nodes must be less than 10 ms.

3. VMware DRS VM distribution
http://www.yellow-bricks.com/2016/10/19/vsphere-6-5-whats-new-drs/

4. Correct Sequence of updating PSC, VCSA & Migration Assistance
https://kb.vmware.com/s/article/2147686

5. Hybrid vSAN cluster; 6 hosts in 3 racks; avoid single rack cluster => create 3 fault domains
https://cormachogan.com/2015/04/20/vsan-6-0-part-8-fault-domains/

6. vCenter server converter to convert windows 8 physical machine:

7. Install software in VM not responding => disable VM acceleration
https://pubs.vmware.com/vsphere-51/index.jsp?topic=%2Fcom.vmware.vsphere.vm_admin.doc%2FGUID-DCD64163-24C5-4323-9BB1-4ACCBF18C84D.html