When deploying a new VMware Cloud Foundation (VCF) 9.0 Fleet, the VCF Installer will automatically retrieve the fingerprint for each of the ESXi hosts that you have added and have you confirm that they actually match your ESXi hosts.
For automated VCF deployments, you can provide a JSON manifest that fully describes your VCF 9.0 deployment and by default, the VCF Installer will expect the ESXi fingerprints to be included or validation will fail.
So what are these fingerprint values and how do you retrieve them like the VCF Installer?
The fingerprints are SSL Thumbprints (SHA256) based on the FQDN of the ESXi hosts and you can easily retrieve them by using OpenSSL client with the following command:
echo | openssl s_client -connect sfo01-m01-r01-esx01.sfo.rainpole.io:443 2>/dev/null | openssl x509 -noout -fingerprint -sha256 | cut -d= -f2
Once you have gathered all the SSL Thumbprints for your ESXi hosts, then you can include a new property called sslThumbprint in your VCF deployment JSON and then pass that into VCF Installer UI or API.
Note: For lab or PoC environment where you do NOT wish to include the SSL Thumbprint, you can bypass the validation check by adding skipEsxThumbprintValidation to the VCF deployment JSON as shown in this example HERE.
Thanks for the comment!