2V0-622 · Question #14
An administrator would like to use the VMware Certificate Authority (VMCA) as an Intermediate Certificate Authority (CA). The first two steps performed are: -Replace the Root Certificate -Replace Mach
The correct answer is A. Replace Solution User Certificates (Intermediate CA) C. Replace the VMware Directory Service Certificate. The VMCA Intermediate CA workflow has a defined sequence; after replacing the Root Certificate and Machine SSL Certificates, the administrator must replace Solution User Certificates (Intermediate CA) and the VMware Directory Service Certificate.
Question
An administrator would like to use the VMware Certificate Authority (VMCA) as an Intermediate Certificate Authority (CA). The first two steps performed are:
-Replace the Root Certificate -Replace Machine Certificates (Intermediate CA) Which two steps would need to be performed next? (Choose two.)
Options
- AReplace Solution User Certificates (Intermediate CA)
- BReplace the VMware Directory Service Certificate (Intermediate CA)
- CReplace the VMware Directory Service Certificate
- DReplace Solution User Certificates
How the community answered
(29 responses)- A79% (23)
- B7% (2)
- D14% (4)
Why each option
The VMCA Intermediate CA workflow has a defined sequence; after replacing the Root Certificate and Machine SSL Certificates, the administrator must replace Solution User Certificates (Intermediate CA) and the VMware Directory Service Certificate.
Solution User Certificates must be replaced using the Intermediate CA option so that service-to-service authentication certificates are signed by the new intermediate CA and chain back correctly to the updated trust anchor. Skipping this step would leave solution users with certificates not aligned to the new PKI hierarchy.
There is no 'Intermediate CA' variant for replacing the VMware Directory Service Certificate - that step uses a standard replacement procedure separate from the intermediate CA signing path.
The VMware Directory Service (vmdir) certificate is a special certificate used for LDAP replication and directory authentication, and it has its own dedicated replacement procedure. Unlike machine and solution user certificates, its replacement step does not carry an 'Intermediate CA' designation in the Certificate Manager workflow.
Replacing Solution User Certificates without the Intermediate CA designation would sign them under the default VMCA root rather than the new intermediate CA, creating an inconsistent and broken certificate chain.
Concept tested: VMCA Intermediate CA certificate replacement workflow order
Source: https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.authentication.doc/GUID-CE52F933-6BF6-4D41-9A26-2909EC57FEE2.html
Topics
Community Discussion
No community discussion yet for this question.