Using the vSphere Certificate Manager Utility
The vSphere Certificate Manager Utility is a command-line utility that allows for most certificate management tasks to be performed interactively by the administrator. The utility prompts for which task to perform, for any additional information, and then automatically stops and starts services, ultimately replacing the certificates.
Regenerating a new VMCA root certificate and replacing all certificates
Regenerating a new VMCA root certificate and replacing all certificates is useful in the event that the certificates have expired or compromised and new certificates need to be issued to the different vSphere components.
To begin:
- Console to the PSC virtual machine (in this case, it is an embedded deployment, meaning that the vCenter Server virtual machine is also the PSC virtual machine).
- Enable and launch BASH. To launch the Certificate Manager Utility enter
/usr/lib/vmware-vmca/bin/certificate-manager
(for a Windows vCenter Server, this is located...