Hi,
I have a VCSA 6.5 HA set up and I'd like to apply *only machine SSL* certificate signed by Windows Enterprise CA. I know how to do it in standalone VCSA 6.5. My question is: do I just go through the same process of applying the machine SSL certificate onto the active node? What happens to the passive node? Will it get updated automatically as part of the sync from the active node?
thanks,
Set Up Your Environment to Use Custom Certificates
As per the docs you will have to remove vcha before you replace machine ssl certs.
If you want to use custom certificates, you have to remove the vCenter HA configuration, delete the Passive and Witness nodes, provision the Active node with the custom certificate, and reconfigure the cluster.
Thanks for the tips, Vijay2027.
However, all I'd like to do is to install replace the self-generated machine SSL certificate with the one signed by internal enterprise CA. I don't want to touch those managed by VMCA. Do I have to delete the passive/witness nodes, apply the new certificate, and recreate the cluster? It seems to be extreme for just replacing the machine SSL certificate...
Set Up Your Environment to Use Custom Certificates
As per the docs you will have to remove vcha before you replace machine ssl certs.
I can't believe it's so tedious to just replace the machine SSL. Thanks Vijay2027 for the link.
Do we need to delete the vCenter HA before generating the certificate?
or only when we try to import the custom signed certificate, and then re-configure the vCenter HA?
Please advise,
Thanks
Shan