vCenter

  • 1.  vCenter Certificates in Enhanced Linked Mode

    Posted Jun 08, 2023 02:49 PM

    I have 4 vCenters ver7.03 in ELM and each has its own machine cert expiring at a different time.

    • All certs were issued by an internal Windows CA and the Root and Sub were imported previously as part of the chain.
    • I now need to renew the cert on one of the 4 vCenters.

    My question is, will that one cert renewal have any kind of impact on the other 3 vCenters that I should be prepared for? Any best practices and something you encountered previously? We have other solutions that communicate with this vCenter like SRM, vSphere replication, Storage array plugins for monitoring, automation, orchestrator, etc.

    Thanks very much.



  • 2.  RE: vCenter Certificates in Enhanced Linked Mode

    Broadcom Employee
    Posted Jun 09, 2023 07:12 AM

    Should have no impact. But better to have the certs on the same dates as they are in ELM, and it is suggested to have cold snapshots of all VCs before changes.
    https://kb.vmware.com/s/article/85662

    Solutions registered with vCenter might have to be re-registered again to VC so that new certificate exchange/handshake happens.



  • 3.  RE: vCenter Certificates in Enhanced Linked Mode

    Posted Jun 09, 2023 11:34 AM

    Hello,

    • You can refer to the KB article to replace the custom Machine SSL certificate: https://kb.vmware.com/s/article/2097936
    • Certificate manager, option: 1
    • You need to have the pem file and Key available as they will be needed, so it will ask for the location.
    • For external components such as SRM, vSphere Replication, the new Machine SSL certificate needs to be added into the SRM DB for trust purposes.
    • For any other components you can just reconfigure the VC endpoint.
    • Cold snapshots are a must for this activity.

     

    Regards

    Harry
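
The thread's points about having the PEM file and key ready, and about the cert being issued by an internal CA with Root and Sub in the chain, can be checked offline before the replacement is started. This is an added example, not part of the original posts or of VMware's tooling; the function names and argument order are assumptions, and only standard `openssl` subcommands are used.

```shell
#!/bin/sh
# Added example: offline pre-flight checks on a replacement Machine SSL
# certificate. All file paths are supplied by the caller (hypothetical names);
# nothing here contacts a vCenter.

# True when the private key ($2) belongs to the certificate ($1).
# Compares the PEM public key from each; a read error on either file fails.
pair_matches() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# True when the certificate ($2) verifies against the CA bundle ($1),
# i.e. the Root and Sub certificates concatenated in one PEM file.
chain_ok() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# True when the certificate ($1) is still valid $2 days from now.
valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Print OK/FAIL for one check and pass its result through.
report() {
    label=$1; shift
    if "$@"; then echo "OK   $label"; else echo "FAIL $label"; return 1; fi
}

# preflight <cert.pem> <key.pem> <ca-bundle.pem> <min-days>
preflight() {
    rc=0
    report "private key matches certificate" pair_matches "$1" "$2" || rc=1
    report "certificate chains to the CA bundle" chain_ok "$3" "$1" || rc=1
    report "certificate valid for at least $4 more days" valid_for_days "$1" "$4" || rc=1
    return "$rc"
}

# Run the checks when called with the four arguments above.
if [ "$#" -eq 4 ]; then
    preflight "$@"
    exit $?
fi
```

Running the same `valid_for_days` check against the current certificate of each of the vCenters in the ELM group shows how far apart their expiry dates are.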