VMware PSC certificate issue

  • 1.  VMware PSC certificate issue

    Posted Aug 18, 2016 12:39 PM

    Hi,

    I'm trying to implement a new vSphere 6.0 infrastructure. My architecture has two PSC servers (external) which are part of a single SSO. The servers are using Windows 2012R2.

    I've installed the role in one PSC box and am trying to install it in the second box. When I tried to add it to an existing SSO domain, I received the attached information. The certificate of the first PSC was generated by VMCA.

    Since my company has a Microsoft PKI setup, I'm not planning to use VMCA for my vSphere components. So, I've cancelled the installation of PSC in the second box and changed the certificate to a custom one (generated by my Microsoft RootCA). This change was done by following the link below (Step 1: Replace Machine SSL Certificate with Custom Certificate).

    https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2112277

    The change was successful. But still when I try to add the second PSC box to the existing SSO domain, the machine certificate of the first PSC is the same (provided by VMCA).

    1. Is this expected?
    2. Do I need to change the Solution User certificate as well?
    3. Do I need to make the VMCA a subordinate under my Microsoft root CA?

    Please help.