Replacing machine certificates

The HTTP reverse proxy service uses an SSL certificate on Platform Services Controllers (PSC) on all the management nodes and in embedded deployment. You need to provide the following information when replacing SSL certificates using vSphere Certificate Manager:

Administrator password of vSphere
Custom certificate authority file
Custom SSL certificate file
Custom SSL key file

A certificate must be in CRT format and x509 version 3. Its key size should be 2048 bits or more and it should be encoded in PEM format. The certificate's SubjectAltName should consist of DNS Name = Machine.FQDN. Further, it should also contain key usages digital signature, key encipherment, and non-repudiation:

Go to the /usr/lib/vmware-vmca/bin ...

Get VMware vSphere Troubleshooting now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

VMware vSphere Troubleshooting by Muhammad Zeeshan Munir

Replacing machine certificates

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly