looking at whitepaper "VMWare vcenter Server 6.0 Deployment Guide" (attached)
Page 88 of this doc refers to Making the "VMware Certificate Authority" a "Subordinate Certificate Authority"
My question is : is this step a necessary step or not.
Background we are doing a very simple embedded installation (PSC and Vcenter on smae vm) using the Vcenter server appliance (Linux).
The way this section starts is: "
Certificate Management
In most cases, certificate replacement in vSphere 6.0 is not necessary. This is because the Platform Services
Controller contains the VMware Certificate Authority (VMCA), which issues certificate authority (CA) signed
certificates with a validity period of 10 years.
These certificates are issued to solution users—the users created when a solution such as vCenter Server,
vCenter Inventory Service, and so on, is registered with vCenter Single Sign-On—and are utilized as certificate
endpoints. These users are issued certificates instead of individual services. This enables the services associated
with a solution user to utilize the same certificate, substantially reducing the number of certificates required to
manage in the environment.
ESXi hosts are also issued certificates from the VMCA when the hosts are added to the vCenter Server inventory
or when vCenter Server is upgraded.
When certificates must be changed—such as when making the VMCA a subordinate of an existing enterprise CA
or when generating new solution user certificates after the VMCA mode has changed—the certificate manager
utility can be used."
I am a little confused by the line "in most cases certificate replacement in vSphere 6.0 in not necessary"
does that mean that the whole "Certificate Management" section starting on page 88 can be skipped?
Thank you in advance for any insight
"