An ESXi host’s VMCA-Signed certificate has expired. How can the certificate be renewed?
A.
In the vSphere Web Client, browse to the host in question. Click the Manage tab and select settings. Select
System and click Certificate, then click the Renew button.
B.
In the vSphere Web Client, browse to the host in question. Click the Manage tab and select settings. Select
System and click Certificate, then click the Refresh CA Certificates button.
C.
Run the command /sbin/generate-certificates on the affected host.
D.
Disconnect the host from vCenter Server and reconnect it.
Explanation:
http://pubs.vmware.com/vsphere-60/index.jsp#com.vmware.vsphere.security.doc/GUIDECFD1A29-0534-4118-B762-967A113D5CAA.html
Correct answer is A,
https://docs.vmware.com/en/VMware-vSphere/6.0/com.vmware.vsphere.security.doc/GUID-ECFD1A29-0534-4118-B762-967A113D5CAA.html
Since the explanation clearly states as follows;
Renew or Refresh ESXi Certificates
If VMCA assigns certificates to your ESXi hosts (6.0 and later), you can renew those certificates from the vSphere Web Client. You can also refresh all certificates from the TRUSTED_ROOTS store associated with vCenter Server.
About this task
You can renew your certificates when they are about to expire, or if you want to provision the host with a new certificate for other reasons. If the certificate is already expired, you must disconnect the host and reconnect it.
By default, vCenter Server renews the certificates of a host with status Expired, Expiring immediately, or Expiring each time the host is added to the inventory, or reconnected.
Procedure
Browse to the host in the vSphere Web Client inventory.
Click the Manage tab and click Settings.
Select System, and click Certificate.
You can view detailed information about the selected host’s certificate.
Click Renew or Refresh CA Certificates.
Option
Description
Renew: Retrieves a fresh signed certificate for the host from VMCA.
Refresh CA Certificates : Pushes all certificates in the TRUSTED_ROOTS store in the vCenter Server VECS store to the host.
Click Yes to confirm.
2
2
A – OK
this description is for 6.0 in 6.5 is:
ESXi -> Configure -> System -> Certyficate
1
2
Sorry guys, it’s D
https://docs.vmware.com/en/VMware-vSphere/6.5/com.vmware.vsphere.security.doc/GUID-ECFD1A29-0534-4118-B762-967A113D5CAA.html
You can renew your certificates when they are about to expire, or if you want to provision the host with a new certificate for other reasons.
===
If the certificate is already expired, you must disconnect the host and reconnect it.
===
By default, vCenter Server renews the certificates of a host with status Expired, Expiring immediately, or Expiring each time the host is added to the inventory, or reconnected.
4
0
D If the certificate is already expired, you must disconnect the host and reconnect it.
1
0
D
Agree with the previous 2 comments.
0
0
D, is already expired.
2
0
Agree! EXPIRED!
1
0
If it wasn’t expired, A would be correct. As noted by some of the people above, since the certificate has already expired, the host must be reconnected. Answer is D
0
0
Reconnecting the host doesnt automatically renew or refresh the cert..
0
0
D.
If the certificate is already expired, you must disconnect the host and reconnect it.
By default, vCenter Server renews the certificates of a host with status Expired, Expiring immediately, or Expiring each time the host is added to the inventory, or reconnected.
Which means, when you disconnects a host, vCenter Server expires the cert associated to it immediately; then when you re-add it back vCenter server assign it a new cert.
0
0
Today I failed the VCP 6.5 , none of the above questions came. All questions were changed
0
0
Please can you confirm me is there is no question from this exam and how many questions
0
0
I passed with a 485/500 Enjoy this VCE i built guys:
https://drive.google.com/file/d/1lpCUr5e0aejxQKwQLBFDqh9j5kcW8eNP/view
115q (113 from this forum + 2 others i found). All answers are correct based of answers on this forum. Still study more! There was 10 new questions out of the 70 q in test.
3
0
Hi Dave,
Can you grant me the access to google drive?
Thx,
roven
0
0
Hi Dave,
Can you grant me the access to google drive?
Thx,
deep
0
0
Thanks Dave
0
0
Dave are you sure that all VCPDCV22F question are from this forum and they are 115 questions I am planing tu passe this examen please help
0
0
Hello Dave
can you send me a PDF File of your exam?
Thanks.
Perseus
0
0
D is correct
About this task
You can renew your certificates when they are about to expire, or if you want to provision the host with a new certificate for other reasons. If the certificate is already expired, you must disconnect the host and reconnect it.
https://docs.vmware.com/en/VMware-vSphere/6.0/com.vmware.vsphere.security.doc/GUID-ECFD1A29-0534-4118-B762-967A113D5CAA.html
0
0
Got 7 new questions below,
1. default vCenter admin
administrator@vsphere.local
2. vCenter HA network latency between Active, Passive, and Witness nodes must be less than 10 ms.
3. VMware DRS VM distribution
http://www.yellow-bricks.com/2016/10/19/vsphere-6-5-whats-new-drs/
4. Correct Sequence of updating PSC, VCSA & Migration Assistance
https://kb.vmware.com/s/article/2147686
5. Hybrid vSAN cluster ; 6 hosts in 3 racks ; avoid single rack cluster => create 3 fault domain
https://cormachogan.com/2015/04/20/vsan-6-0-part-8-fault-domains/
6. vCenter server converter to convert windows 8 physical machine:
7. Install software in VM not responding => disable VM acceleration
https://pubs.vmware.com/vsphere-51/index.jsp?topic=%2Fcom.vmware.vsphere.vm_admin.doc%2FGUID-DCD64163-24C5-4323-9BB1-4ACCBF18C84D.html
4
0