ESXi: esxi-8.logs-remote-tls-x509

Information

The ESXi host must use strict x509 verification for TLS-enabled remote logging endpoints. This "x509-strict" option performs additional validity checks on CA root certificates during verification.

Solution

Get-VMHost -Name $ESXi | Get-AdvancedSetting Syslog.global.certificate.strictX509Compliance | Set-AdvancedSetting -Value TRUE

See Also

https://github.com/vmware/vcf-security-and-compliance-guidelines/raw/refs/heads/main/security-configuration-hardening-guide/vsphere/8.0/