View Only
  • 1.  Backup and Restore of vCenter Certificates

    Posted Sep 15, 2020 07:48 PM


    I am currently tasked with migrating a vCenter for Windows 6.5 installation to VCSA 6.7.

    Part of the instructions within VMware's documentation for this specific procedure mentions backing up the SSL certificates in the vCenter Server.

    However, where are the certificates specifically on disk?

    I saw the directory C:\ProgramData\VMware\VMware VirtualCenter\SSL mentioned, but on my machine C:\ProgramData\VMware\VMware VirtualCenter\ is empty, and I was under the impression that directory was for vCenter 5.X anyway.

    Looking in ProgramData\VMware\vCenterServer, I do see some rui.crt and rui.key files scattered in a few directories.

    But nowhere are the certificates centralized in one location.

    Surely the process isn't painstakingly using vecs-cli to export each certificate individually, and then using the same utility on VCSA to individually import them?

    I'm convinced I'm just looking in the wrong directory, using the wrong command, or missing some simple process to do this.

    How does one backup and restore the SSL certificates themselves?

  • 2.  RE: Backup and Restore of vCenter Certificates
    Best Answer

    Broadcom Employee
    Posted Sep 16, 2020 12:58 AM


    Please refer this article to export certificates using vecs-cli --> VMware Knowledge Base

    A snapshot should be good enough before the migration/upgrade to 6.7. If your vCenter is configured with embedded PSC and is part of enhanced linked mode, ensure snapshot of all servers in linked mode are taken in powered off state:

    1. Make a note of ESXi host where the vCenter VM is running

    2. Power off all vCenter VMs in linked mode

    3. Connect directly to ESXi hosts and take a snapshot of all vCenter VMs

    If this is a standalone vCenter, a regular online snapshot would work

    Hope that helps

  • 3.  RE: Backup and Restore of vCenter Certificates

    Posted Sep 16, 2020 12:42 PM

    Okay, I wasn't sure if a snapshot was enough beings that the documentation explicitly mentions backing up your certificates.

    I was already aware of vecs-cli but wasn't sure if that was correct route.

    Marked your answer as correct, ashilkrishnan.