VMware Cloud Community
vadm168
Enthusiast

How to properly apply certificate on VCSA 6.5 HA?

Hi,

I have a VCSA 6.5 HA set up and I'd like to apply *only machine SSL* certificate signed by Windows Enterprise CA. I know how to do it in standalone VCSA 6.5. My question is: do I just go through the same process of applying the machine SSL certificate onto the active node? What happens to the passive node? Will it get updated automatically as part of the sync from the active node?

thanks,

0 Kudos
1 Solution

Accepted Solutions
Vijay2027
Expert

Set Up Your Environment to Use Custom Certificates

As per the docs, you will have to remove VCHA before you replace machine SSL certs.

0 Kudos
5 Replies
Vijay2027
Expert

If you want to use custom certificates, you have to remove the vCenter HA configuration, delete the Passive and Witness nodes, provision the Active node with the custom certificate, and reconfigure the cluster.

0 Kudos
vadm168
Enthusiast

Thanks for the tips, Vijay2027.

However, all I'd like to do is to replace the self-generated machine SSL certificate with the one signed by the internal enterprise CA. I don't want to touch those managed by VMCA. Do I have to delete the passive/witness nodes, apply the new certificate, and recreate the cluster? It seems to be extreme for just replacing the machine SSL certificate...

0 Kudos
Vijay2027
Expert

Set Up Your Environment to Use Custom Certificates

As per the docs, you will have to remove VCHA before you replace machine SSL certs.

0 Kudos
vadm168
Enthusiast

I can't believe it's so tedious to just replace the machine SSL. Thanks Vijay2027 for the link.

0 Kudos
Shanmguavadivel
Contributor

Do we need to delete the vCenter HA before generating the certificate?

Or only when we try to import the custom signed certificate, and then re-configure the vCenter HA?

Please advise,

Thanks

Shan

0 Kudos