The VMware Certificate Authority (VMCA) is the default root certificate authority introduced in vSphere 6.0 that supplies the certificates to ensure secure communication over SSL between vCenter Server components and ESXi nodes in the virtualized infrastructure.
The VMCA is included in the Platform Services Controller and provides certificates for solution users, machines that have running services, and ESXi hosts. Administrators can refresh and renew certificates from the vSphere Web Client.
An ESXi host gets a signed certificate, stored locally on the server, from the VMCA when the host is added to vCenter Server.
For environments that require a different root certificate authority, an administrator must change the option in vCenter Server to stop automatically provisioning VMCA certificates to ESXi hosts.