Hi my name is Damian
So i have next trouble, i should renewal my certificate in my vcenter, because i saw in my browser certificate is expired.
I generate a new root ca certificate in my CA AD and i would like replace actually certificate for my new root certificate.
Question 1: Issued by other root CA allow import new Certificate?
Question 2: what is the impact import a new certificate to other Root CA?
Question 3: That solution resolved my expired certificate in browser?
Thanks a lot of.
Damian
Is the New TLS/SSL certificate for your vcenter server being signed by root ca certificate of your CA AD?
Yes is a root ca certificate issued by CA Active Directory
Hi,
Question 1: Issued by other root CA allow import new Certificate?
- Yes, the vcenter server machine SSL certificate can be signed by other root CA.
Question 2: what is the impact import a new certificate to other Root CA?
- There is no impact as such. When you replace the vcenter server machine SSL certificate, the signing cert(in this case, the external Active directory CA) will be added to the VECS store and the connections work seamlessly.
Question 3: That solution resolved my expired certificate in browser?
- Yes, But if the machine SSL certificate(the one that appears in the browser) is expired, please follow KB - https://kb.vmware.com/s/article/82332 .
"Custom certificates
If you have expired trusted root or SSL certificates it is recommended to get the system working again using the default VMware Certificate Authority certificates, then to re-apply your custom certificate, see Replacing a vSphere 6.x /7.x Machine SSL certificate with a Custom Certificate Authority Signed Cert... "
Regards,
Supreeth