VMware Cloud Community
jasondanieladam
Contributor
Contributor
Jump to solution

How do I update GoDaddy Trusted Root cert?

Hi all.

So I am wracking my brain on this one. I've tried everything I could find between Google searches and VMWare's own documentation.

While I know it is not supported by VMWare, we have a wildcard cert (this predates me) on our vCenter (windows) 6.0 with embedded PSC.

This GoDaddy cert has officially expired.

I went on to GoDaddy's website, downloaded the TomCat version of the updated cert and have tried on multiple occasions using both the web interface and CLI to add the certificate. While it never gives me any error, in fact says it has successfully added it, it never-ever shows up.

I was thinking about removing the expired one and trying again, thinking that maybe it would make a difference, but quite frankly, I am terrified to do this without any real understanding of Certs.

I am not very familiar with Certificates regardless of it being VMWare or anything else. I just don't understand them.

What I can say is, this is a deprecated vCenter server for us which is only hosting 2-3 virtual machines as we've already migrated to a newer platform on all new hardware running 6.5. In fact, the newer vCenter doesn't even have a wild card cert. So with that, what would the repercussions be for removing this wildcard cert entirely and not even replacing it?

Could anyone out there help point me in the right direction?

Thank you so much in advance.

Reply
0 Kudos
1 Solution

Accepted Solutions
jburen
Expert
Expert
Jump to solution

If you import a certificate to vCenter you must have the corresponding private key as well. Without that private key you cannot add the certificate to vCenter. I think that is the reason it is not working with the GoDaddy certificate.

You can safely remove the expired certificate. As a matter of fact, you should remove an expired certificate: Removing Expired or Revoked Certificates and Logs from Failed Installations

And if you want a new certificate you can always regenerate the certificate in vCenter: VMware Knowledge Base

Consider giving Kudos if you think my response helped you in any way.

View solution in original post

Reply
0 Kudos
3 Replies
jburen
Expert
Expert
Jump to solution

If you import a certificate to vCenter you must have the corresponding private key as well. Without that private key you cannot add the certificate to vCenter. I think that is the reason it is not working with the GoDaddy certificate.

You can safely remove the expired certificate. As a matter of fact, you should remove an expired certificate: Removing Expired or Revoked Certificates and Logs from Failed Installations

And if you want a new certificate you can always regenerate the certificate in vCenter: VMware Knowledge Base

Consider giving Kudos if you think my response helped you in any way.
Reply
0 Kudos
jasondanieladam
Contributor
Contributor
Jump to solution

Fair enough. I will go ahead and remove the expired certificate.

Would there be any need to replace it, though?

Reply
0 Kudos
jburen
Expert
Expert
Jump to solution

If the vCenter is decommissioned I wouldn't bother...

Consider giving Kudos if you think my response helped you in any way.
Reply
0 Kudos