The data that travels between clients and ESXi hosts is encrypted to ensure that the transactions are private and authenticated. The SSL is used to create a secure connection between the clients, ESXi hosts, and/or the vCenter Server. SSL uses TCP/IP and allows SSL-enabled ESXi hosts and/or vCenter Server to authenticate with SSL-enabled clients.
When an ESXi host or vCenter Server is installed, the installation includes SSL certificates. These preinstalled, auto generated certificates are not from an official certificate authority (CA), but they can be used to establish an initial connection.
The vCenter Server uses an SSL certificate when adding ESXi hosts and to connect to managed ESXi hosts whose passwords are stored in the vCenter Server database. After an authenticated encrypted connection is established, a smaller session key is encrypted and exchanged using public and private key pairs.
This shared session key is then used to encrypt and decrypt the data between client and server.… Read More