VxRail Manager is deployed with a “self-signed” certificate by default. The default certificate provided with VxRail Manager is likely to be triggered as “untrusted” by most web browsers, depending on security settings. It is considered best practice to replace the default self-signed certificate with one that is signed by your organization's root Certification Authority (CA) for production VxRail environments.
The certificates in VxRail are configured with an expiration. Certificate replacement can be performed manually, or auto-renewed starting with VxRail version 7.0.350. When auto-renewal is enabled, VxRail Manager will automatically contact the certificate authority for new certificates before the expiration date.