You can centrally manage trusted certificate thumbprints for external endpoints to securely connect to systems that use self-signed or untrusted SSL/TLS certificates. This capability helps you resolve certificate errors quickly while maintaining control over which endpoints are trusted.
This feature is useful in environments where external systems, such as hypervisors, don’t use certificates issued by a trusted certificate authority.
Key features
- Centralized trust management: Store and manage certificate thumbprints in one place.
- Explicit trust model: Only certificates with known thumbprints are trusted.
- Simplified error resolution: Resolve TLS errors during endpoint onboarding.
- Revocation support: Remove trust for certificates that are no longer valid.
- Common validation framework: External connections use a shared mechanism to validate certificates.
How it works
When a connection to an external endpoint fails due to a TLS error, you can trust the certificate by adding its thumbprint to the trusted list.
After a thumbprint is stored:
- Future connections are validated against the trusted list
- Matching thumbprints are trusted
- Non-matching thumbprints are denied
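The trust model described above, as an added illustration that is not the product's own code: a small thumbprint trust store with add, revoke and validate operations, plus a pinned TLS connect that accepts a peer only when the SHA-256 thumbprint of its DER-encoded certificate is in the store. The `SAMPLE_DER` bytes are a constructed placeholder standing in for a real certificate.

```python
"""Thumbprint-pinning trust store (added example, not the product's own code)."""
import hashlib
import hmac
import socket
import ssl

# Constructed placeholder; a real value would be the DER bytes of the endpoint's certificate.
SAMPLE_DER = b"\x30\x82\x01\x00" + b"constructed placeholder, not a real certificate"


def thumbprint(der_bytes: bytes, algo: str = "sha256") -> str:
    """Thumbprint = hex digest of the DER-encoded certificate, uppercase, no separators."""
    return hashlib.new(algo, der_bytes).hexdigest().upper()


def normalize(tp: str) -> str:
    """Accept 'AB:CD:..', 'ab cd ..' or bare hex as entered by an operator; return bare uppercase hex."""
    return "".join(ch for ch in tp.upper() if ch in "0123456789ABCDEF")


class TrustStore:
    """Central list of trusted thumbprints; only exact matches are trusted."""

    def __init__(self) -> None:
        self._trusted: set[str] = set()

    def trust(self, tp: str) -> None:
        self._trusted.add(normalize(tp))

    def revoke(self, tp: str) -> None:
        """Revocation: drop the entry so future connections to that certificate are denied."""
        self._trusted.discard(normalize(tp))

    def is_trusted(self, der_bytes: bytes) -> bool:
        actual = thumbprint(der_bytes)
        # Constant-time comparison against every stored entry; unknown thumbprints are denied.
        return any(hmac.compare_digest(actual, known) for known in self._trusted)


def connect_pinned(host: str, port: int, store: TrustStore, timeout: float = 5.0) -> ssl.SSLSocket:
    """Open a TLS session, then keep it only if the peer certificate's thumbprint is trusted."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before disabling chain verification
    ctx.verify_mode = ssl.CERT_NONE     # CA chain validation is replaced by the explicit thumbprint check
    sock = ctx.wrap_socket(socket.create_connection((host, port), timeout), server_hostname=host)
    der = sock.getpeercert(binary_form=True)
    if der is None or not store.is_trusted(der):
        sock.close()
        raise ssl.SSLError(f"untrusted certificate thumbprint: {thumbprint(der or b'')}")
    return sock
```

Because `connect_pinned` disables chain validation, it must never be used with an empty store; the thumbprint check is the only thing binding the session to a known endpoint.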
Supported workloads
- VMware vSphere
- VMware Cloud Director