Explanation/Reference:
Explanation:
B-) ESXi hosts that are upgraded from vSphere 5.x to vSphere 6.0 will continue using their Certificate Authority signed certificates if they were replaced in the previous versions. However, ESXi 5.x hosts that were running self-signed certificates and then upgraded to vSphere 6.0 will have their certificates regenerated using VMware-signed.
For more info link:
https://kb.vmware.com/selfservice/microsites/search.do?
language=en_US&cmd=displayKC&externalId=2113926
C-) In vSphere 6.0, VMware tried to address SSL certificates in a different manner. It introduced a new component called the "Platform Services Controller." The Platform Services Controller includes a fully-functional certificate authority, called the VMware Certification Authority (VMCA), that automatically manages the certificates used in vCenter and the ESXi hosts.
There are two steps to complete. First, you need to retrieve the root certificate from vCenter and convert it into something usable. Once you've done that, you need to deploy it as a Trusted Root Certificate. The easiest way to do this with multiple computers is to use Group Policy. Here are the steps to retrieve the certificate:
1.Open your Web browser.
2.Navigate to https://<fqdn of vcenter>
3. In the lower right-hand corner, click the Download Trusted Root CA link.------ for more:
https://pubs.vmware.com/vsphere-60/index.jsp#com.vmware.vsphere.security.doc/GUID-C91AFFAD- A830-4BBE-BF7C-F779A3AD03F1.html?resultof=%2522%2573%2573%256c%2522%2520