Re: Changing vCenter certificate

cakcan · ‎05-17-2022

Hello all,

We are planning to change our vCenter self-signed certificate (Machine SSL) with a new one signed by a 3rd party CA.

I have two questions:

1- In the vCenter certificate manager GUI, there is a field mentioning "Chain of trusted root certificates". Where can we obtain this trusted root certificate chain? Should we obtain it from our 3rd party CA? (Please see screenshot)

2- There is also field mentioning "Trusted Root Certificates". Should I add Trusted Root Certificates here? If yes, where can we obtain trusted root certificates? Should we obtain it from our 3rd party CA? (Please see screenshot)

Thank you.

stadi13 · ‎05-17-2022

Hi @cakcan

You need to request a new certificate for your vCenter including the chain as well as the root certificate. For the certificate request you can generate the CSR thorugh GUI

It's recommened to replace the certificate thorugh ssh session as during replacement the services will be restarted. A good blog how to do it can be found here: Replace VCSA 6.7 Certificate (VMCA) by an ADCS Signed Certificate (vmarena.com)

Regards

Daniel

All

Changing vCenter certificate

o