VMware Cloud Community
JKKulsh
Contributor

Regenerate a new VMCA Root Certificate and replace all certificates?

In vSphere -- we are at 6.5 -- what are the positives and negatives of doing "Regenerate a new VMCA Root Certificate and replace all certificates"? (KB# 2112283)

I am seriously considering doing this since we are getting a lot of certificate errors -- and when I do 'Download trusted root CA certificates' I get 8 cert files, but many of them just show "CA" as the path, and the cert corresponding to one vCenter server is totally missing. Thanks.

0 Kudos
4 Replies
daphnissov
Immortal

Just to be clear, what is the actual reason you want to replace the VMCA root certificate and regenerate? Is it only because you're "getting a lot of certificate errors" and don't know why or where to start troubleshooting? How to find the root cert in use to trust? Something else?

0 Kudos
JKKulsh
Contributor

As I said, "when I do 'Download trusted root CA certificates' I get 8 cert files, but many of them just show "CA" as the path, and the cert corresponding to one vCenter server is totally missing." I also get a certificate error when I try to pair up two sites in Site Recovery Manager. Thanks.

0 Kudos
Vijay2027
Expert

Based on "I also get certificate error when I try to pair up two sites in Site Recovery Manager", it looks like there is a thumbprint mismatch between the machine SSL certificate and the lookup service URL.

Is the setup an embedded node?

VMware Knowledge Base

0 Kudos
JKKulsh
Contributor

Not sure if I understand the question, but our PSC server is not embedded but separate. The vRepl and SRM VMs are also independent machines.

My main question is whether I can regenerate all certificates without running into some new problems. Thanks.

0 Kudos