Ok, it's true 🙂
I have 2 subnets:
Subnet A with the IP of the physical machine
Subnet B with the VMs (domain controller, DHCP, DNS, certification authority...)
Subnet A and B do not communicate with each other.
The vCenter has only the local domain (vsphere.local) and an IP; no FQDN is configured on the vCenter and ESXi host.
I have a Certification Authority on Subnet B (the VMs' subnet).
The question is: is it possible to use the Certification Authority to replace the certificate on vCenter, without any name and domain configured?
I think it isn't possible because it isn't joined to the domain controller.
Thanks in advance
As long as you can generate the certificate with the IP in the common name field as well as SAN and transport that to the vCenter, you can replace the certificate. But you really should not have installed vCenter with an IP instead of an FQDN. It does not need to be joined to AD to replace a certificate.
Because when I try to replace the certificate, it returns the error
error 20 at 0 depth lookup:unable to get local issuer certificate
I tried to investigate with the KB, but I can't resolve it.
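
Added example, not part of the thread and not VMware tooling: a local OpenSSL reproduction of both points discussed above, a certificate issued with the IP in the CN and in the SAN, and the `error 20 at 0 depth lookup` result, which is what OpenSSL reports when it cannot find the issuing CA's certificate among the CA certificates it was given. The IP `192.0.2.10`, the throwaway root CA (standing in for the CA on subnet B) and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed lab values: 192.0.2.10 stands in for the vCenter IP; the CA is a throwaway.
WORK=$(mktemp -d)
IP=192.0.2.10

cat > "$WORK/openssl.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = $IP
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[leaf_ext]
basicConstraints = CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = IP:$IP
EOF

build_pki() {
  # Throwaway root CA (assumption: stands in for the CA on subnet B)
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$WORK/openssl.cnf" \
    -subj "/CN=Constructed Lab Root CA" -extensions ca_ext \
    -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null &&
  # Key and CSR for the server, with the IP as the common name
  openssl req -new -newkey rsa:2048 -nodes -config "$WORK/openssl.cnf" \
    -keyout "$WORK/leaf.key" -out "$WORK/leaf.csr" 2>/dev/null &&
  # The CA signs the CSR and adds the IP as a subjectAltName entry
  openssl x509 -req -in "$WORK/leaf.csr" -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" \
    -CAcreateserial -days 30 -extfile "$WORK/openssl.cnf" -extensions leaf_ext \
    -out "$WORK/leaf.crt" 2>/dev/null
}

# Succeeds only if the issued certificate carries the IP in its SAN
san_has_ip() {
  openssl x509 -in "$WORK/leaf.crt" -noout -text | grep -q "IP Address:$IP"
}

# Same certificate, verified without and with the issuing CA certificate
verify_without_issuer() { openssl verify "$WORK/leaf.crt" 2>&1; }
verify_with_issuer() { openssl verify -CAfile "$WORK/ca.crt" "$WORK/leaf.crt" 2>&1; }

build_pki && san_has_ip || echo "PKI build failed"
verify_without_issuer || true   # expected: error 20 at 0 depth lookup
verify_with_issuer              # expected: .../leaf.crt: OK
```

The only difference between the failing and the passing check is whether the issuing CA's certificate is supplied alongside the leaf.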