VMware Knowledge Base article 82227 details a shift in vSphere 7.0 Update 2 and later, moving Hostd configuration management from manual XML editing to a database-driven approach using /bin/configstorecli . Administrators must now export, edit, and re-apply settings via JSON files and restart the hostd service to apply changes. For detailed, official instructions, visit FindBugZero .
The SAN field explicitly lists all hostnames, IP addresses, and Fully Qualified Domain Names (FQDNs) for which a certificate is valid.
The VAMI GUI does not allow you to specify all advanced options (like keyUsage extensions). For production environments, the OpenSSL command-line method is strongly preferred.
VMware Knowledge Base article (titled "Generating a Certificate Signing Request (CSR) with proper Subject Alternative Name (SAN) for vCenter Server Appliance (VCSA)" ) is a critical resource for any administrator planning to replace VMware's self-signed certificates with those from an external Enterprise Certificate Authority (CA).