I just had to update the certificate on my VMware lab environments vCenter and searched for a good manual about this. I didn’t find one complete one so I decide to post one here.

Here we go:

1. Login to SSH on the vCenter Server (you need to activate SSH if it is disabled)
2. Type shell into the console.
3. Create a directory where we will store everything: mkdir /tmp/cert
4. Execute chsh -s /bin/bash root to make it possible to connect via WinSCP later on
5. Start the Certificate Manager: /usr/lib/vmware-vmca/bin/certificate-manager 
6. Select the first option (“Replace Machine SSL certificate with custom certificate”)
7. Enter the local administrator (i.e. administrator@vsphere.local)
8. Select the first option (“1. Generate Certificate Signing Request(s) and Key(s) for Machine SSL certificate”)
9. Type the path to the folder we created in step 3 (/tmp/cert)
10. State the parameters of the Certificate. For the options “Name” and “Hostname” you need to state the FQDN of the server
11. The CSR to create the certificate by your CA is stored in the output directory
12. Download the CSR via WinSCP and create a certificate based on this. The certificate needs to be in Base64 format and you will need the public root certificate of your CA.
13. Upload the Certificate and the root certificate to the /tmp/cert-Folder
14. Continue the dialog (option 1) of if you had some time between, you can start allover again and select option 2 after starting the certificate manager instead of option 1.
15. Now you have to state the paths to the Certificate, the Key and the root certificate of your CA
16. When this is done, the wizard will install the certificate. This takes a while and will reconfigure and restart almost all services.

Tested on vCenter 6.5 and vCenter 6.7