VMware Cloud Community

vCenter Certificates in Enhanced Linked Mode

I have 4 vCenters ver7.03 in ELM and each has its own machine cert expiring at a different time.

  • All certs were issued by an internal Windows CA and the Root and Sub were imported previously as part of the chain.
  • I now need to renew the cert on one of the 4 vCenters.

My question is, will that one cert renewal have any kind of impact on the other 3 vCenters that I should be prepared for? Any best practices and something you encountered previously? We have other solutions that communicate with this vCenter like SRM, vSphere replication, Storage array plugins for monitoring, automation, orchestrator, etc.

Thanks very much.

2 Replies
VMware Employee

Should have no impact. But it is better to have the certs on the same dates as they are in ELM, and it is suggested to have cold snapshots of all VCs before changes.

Solutions registered with vCenter might have to be re-registered again to VC so that new certificate exchange/handshake happens.

If you think your queries have been answered
Mark this response as "Correct" or "Helpful".

Hot Shot

Hello,

  • You can refer to the KB article to replace the custom Machine SSL certificate: https://kb.vmware.com/s/article/2097936
  • Certificate Manager, option 1
  • You need to have the PEM file and key available as they will be needed; it will ask for the location.
  • For external components such as SRM and vSphere Replication, the new Machine SSL certificate needs to be added into the SRM DB for trust purposes.
  • For any other components, you can just reconfigure the VC endpoint.
  • Cold snapshots are a must for this activity.