Hi,
Question 1: Issued by other root CA allow import new Certificate?
- Yes, the vCenter Server machine SSL certificate can be signed by another root CA.
Question 2: What is the impact import a new certificate to other Root CA?
- There is no impact as such. When you replace the vCenter Server machine SSL certificate, the signing cert (in this case, the external Active Directory CA) will be added to the VECS store and the connections work seamlessly.
Question 3: That solution resolved my expired certificate in browser?
- Yes, but if the machine SSL certificate (the one that appears in the browser) is expired, please follow KB - https://kb.vmware.com/s/article/82332 .
"Custom certificates
If you have expired trusted root or SSL certificates it is recommended to get the system working again using the default VMware Certificate Authority certificates, then to re-apply your custom certificate, see Replacing a vSphere 6.x /7.x Machine SSL certificate with a Custom Certificate Authority Signed Certificate"
Regards,
Supreeth