VMware Cloud Community
pargit
Enthusiast
Enthusiast
‎02-20-2020 05:42 AM
Jump to solution

Replace certificates after converge PSC

hi,

we recently upgraded our env (2 psc + 2 vc in linked mode) from 6.5u2 with external psc to 6.7u3 and then convereged the psc into the vc.

now i have issues with the certificates of the vc servers that still show the old psc's in the certificate, thus creating sso problems with vrops (even after i replaced the authentication source to point to the vc's), and i cannot login the vrops using sso (only with admin@vsphere...)

i want to know my options.

do i live like this and just swallow the frog?

should i replace the certificates with new self signed internal one?

should i generate certificate using our company internal CA (ad ca service)?

anything else?

thanks

mordechai

Tags (2)
Reply
0 Kudos
1 Solution

Accepted Solutions
msripada
Virtuoso
Virtuoso
‎02-20-2020 09:25 AM
Jump to solution

Yes, certificates will not be replaced and wil carry over which is expected. you can replace the vCenter certificates if required.

Note: Snap both vcenters before replacing the certificates

Have you decommissioned the PSCs?

Thanks,

MS

View solution in original post

Reply
0 Kudos
2 Replies
msripada
Virtuoso
Virtuoso
‎02-20-2020 09:25 AM
Jump to solution

Yes, certificates will not be replaced and wil carry over which is expected. you can replace the vCenter certificates if required.

Note: Snap both vcenters before replacing the certificates

Have you decommissioned the PSCs?

Thanks,

MS

Reply
0 Kudos
pargit
Enthusiast
Enthusiast
‎02-22-2020 11:03 PM
Jump to solution

Yes, i have dicomissioned both psc's.

i found this site for creating adcs certificates.

https://vmarena.com/replace-vcsa-6-7-certificate-vmca-by-an-adcs-signed-certificate/

Reply
0 Kudos