Summary
PKI is based on digital certificates used for encrypting or signing data. SSL certificates are used to keep sensitive information sent between vSphere components encrypted so that only the intended recipient can decrypt it. CA-signed certificates are used to prevent or reduce the risk of man-in-the-middle attacks. This chapter introduced vSphere 6's new VMCA and discussed how it could be used to alleviate some of the headache surrounding certificate management. We looked at multiple configurations: using VMCA-signed certificates, using VMCA as an intermediate certificate authority, using certificates signed by an external certificate authority, or using a hybrid configuration. The Certificate Manager Utility is a command-line utility that assists with the certificate configuration process.
In the next chapter, we will further discuss securing a vSphere environment.