vCenter

 View Only
  • 1.  Custom SSL Certificate

    Posted Sep 07, 2022 12:34 PM

    Hello VMware Community,

    My environment is currently using VMCA as the certificate authority however we have been tasked by Compliance to install custom certificates from our internal CA.

    I am trying to determine if we change in vCenter from VMCA to Custom Certificate Authority will that break anything. While VMware offers KBs, I remain a bit unclear as to how to perform this and make sure the remote sites (16+) are not impacted in a way that stop any services.

    Thanks for any insight.

    Edward



  • 2.  RE: Custom SSL Certificate

    Posted Sep 12, 2022 05:24 PM

    The process is fairly trivial

    BACKUP your vCenter first and I strongly advise you to power it off, take a cold snapshot then boot it back up. Powering off vCenter will not affect the running operations of your VMs

    You can have the VCSA generate the CSR for you, at which point is uses an embedded private key or you can generate your own. I went to GoDaddy and created the CSR there, got the private key during the creation.

    You then go to replace the cert in administration -> certificate management.  Paste in the public and private key and if you need to, the intermediates as well.  If there is something it does not like in the chain, it will complain.

    Once you do this and it is happy with the chain, it will restart all vCenter services. vCenter will have a brief outage until evertyhing comes back up. You can login to the VAMI interface on port 5480 to monitor the services being restarted.

    Confirm you can access the site without any errors, then purge your snapshot , or roll back if it blew up on you. No downtime to any f your VMs, only vCenter itself is temporarily affected.