Replacing machine certificates
The HTTP reverse proxy service uses an SSL certificate on Platform Services Controllers (PSC) on all the management nodes and in embedded deployment. You need to provide the following information when replacing SSL certificates using vSphere Certificate Manager:
Administrator password of vSphere
Custom certificate authority file
Custom SSL certificate file
Custom SSL key file
The certificate must be in CRT format and X.509 version 3. Its key size should be 2048 bits or more, and it should be encoded in PEM format. The certificate's SubjectAltName should consist of DNS Name = Machine.FQDN. It should also contain the key usages digital signature, key encipherment, and non-repudiation.
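A pre-flight check for the requirements above, as an added example that is not part of the original page or of VMware's tooling. It assumes openssl is on the PATH; check_machine_ssl_cert and its arguments are hypothetical names.

```shell
#!/bin/sh
# Added example (not VMware tooling): pre-flight check of a custom Machine SSL
# certificate against the requirements listed above.
# check_machine_ssl_cert is a hypothetical helper name; requires openssl.
# Usage: check_machine_ssl_cert <cert.pem> <machine-fqdn> [key.pem]
check_machine_ssl_cert() {
    cert=$1 fqdn=$2 key=${3:-} rc=0
    fail() { echo "FAIL: $*" >&2; rc=1; }

    # PEM encoding: the file must carry a PEM certificate block that parses.
    grep -q -e '-----BEGIN CERTIFICATE-----' "$cert" 2>/dev/null ||
        { fail "$cert is not a PEM-encoded certificate"; return 1; }
    text=$(openssl x509 -in "$cert" -noout -text 2>/dev/null) ||
        { fail "openssl cannot parse $cert"; return 1; }

    # X.509 version 3.
    echo "$text" | grep -q 'Version: 3 ' || fail "not X.509 version 3"

    # Key size of 2048 bits or more.
    bits=$(echo "$text" | sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1)
    [ "${bits:-0}" -ge 2048 ] || fail "key size ${bits:-unknown} is below 2048 bits"

    # SubjectAltName must hold a DNS entry equal to the machine FQDN.
    san=$(echo "$text" | grep -A1 'X509v3 Subject Alternative Name' | tail -n 1)
    echo "$san" | tr ',' '\n' | tr -d ' ' | grep -qixF "DNS:$fqdn" ||
        fail "SubjectAltName has no DNS entry for $fqdn"

    # Key usages: digital signature, key encipherment, non-repudiation.
    ku=$(echo "$text" | grep -A1 'X509v3 Key Usage' | tail -n 1)
    for usage in 'Digital Signature' 'Key Encipherment' 'Non Repudiation'; do
        echo "$ku" | grep -q "$usage" || fail "key usage lacks $usage"
    done

    # Optional: the custom SSL key file must match the certificate's public key.
    if [ -n "$key" ]; then
        c=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null | openssl sha256)
        k=$(openssl pkey -in "$key" -pubout 2>/dev/null | openssl sha256)
        [ "$c" = "$k" ] || fail "private key does not match the certificate"
    fi
    return "$rc"
}
```

The function returns 0 only when every listed requirement holds, and prints one FAIL line to stderr for each requirement that does not.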
Go to the /usr/lib/vmware-vmca/bin directory and run Certificate-Manager: ./certificate-manager
Select the first option: Replace Machine SSL certificate with Custom Certificate.
The certificate-manager utility will ask for your vCenter Server SSO password. Enter the password when prompted...