Exam 2V0-21.23 topic 1 question 104 discussion

VMCA-Signed Certificates will be replaced by Custom Certificates So there is nothing to configure envolving VMCA. Pay attention to this document: https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-authentication/GUID-4469A6D3-048A-471C-9CB4-518A15EA2AC0.html

B. Replace the machine SSL certificates with custom certificates generated from the Enterprise CA. This aligns with the requirement for all external traffic to be secured using certificates signed by an Enterprise CA. D. Replace the VMware Certificate Authority (VMCA) certificate with a custom certificate generated from the Enterprise CA. This eliminates the need for an intermediate CA (VMCA) in the certificate chain, fulfilling the second requirement.

A and B not E because VMCA would be intermediate which are specifically prohibited.

The correct answers are B and E because: B. Replace the machine SSL certificates with custom certificates generated from the Enterprise CA. This ensures that all external traffic is secured using certificates signed by the Enterprise Certificate Authority, fulfilling the third requirement. E. Replace the solution user certificates with self-signed certificates generated from the VMware Certificate Authority (VMCA). This minimizes the ongoing management overhead of replacing certificates because the VMCA automatically manages internal certificates, satisfying the first requirement. Additionally, since no intermediate certificate authorities are allowed in the certificate chain (second requirement), it is not appropriate to use the VMCA as an intermediate CA or replace its root certificate. Therefore, options B and E meet all the stated requirements.