Add ESXi hosts to VCSA 6.7 cluster: Unable to push CA certificates and CRLs to host

I just upgraded our VCSA to 6.7U3 and we’re moving from an older set of hosts to new hosts we just stood up which are also running 6.7. They’re all fresh installs running from SD cards, no hard drives.

I created a new cluster, turned DRS on and HA on (vSAN is off, since we’re not using it), then went to add the hosts and got the title error. Did some troubleshooting and similar errors were related to NTP settings, so on each host, I configured the NTP settings the same as the VCSA and started the services. Ran it again, it can see them (you get certificate warnings you have to accept and it shows the host/system/version details), but I still get the same error immediately. What do I need to do?

Posted on Reddit by johnnybiggles

  1. I had this problem recently as well – I tried making the suggested advanced option change to allow self-signed certs — no change.

     However, what did fix it was not adding the host to the cluster – add it at the datacenter level, and then move it to the cluster. Try that and see if it helps you any.
