I just had to update the certificate on my VMware lab environment’s vCenter and searched for a good manual about this. I didn’t find a complete one, so I decided to post one here.
Here we go:
- Log in via SSH to the vCenter Server (you need to activate SSH if it is disabled)
- Type `shell` into the console.
- Create a directory where we will store everything: `mkdir /tmp/cert`
- Execute `chsh -s /bin/bash root` to make it possible to connect via WinSCP later on
- Start the Certificate Manager: `/usr/lib/vmware-vmca/bin/certificate-manager`
- Select the first option (“Replace Machine SSL certificate with custom certificate”)
- Enter the local administrator (i.e. `administrator@vsphere.local`)
- Select the first option (“1. Generate Certificate Signing Request(s) and Key(s) for Machine SSL certificate”)
- Type the path to the folder we created in step 3 (`/tmp/cert`)
- State the parameters of the certificate. For the options “Name” and “Hostname” you need to state the FQDN of the server
- The CSR, which your CA needs to issue the certificate, is stored in the output directory
- Download the CSR via WinSCP and create a certificate based on this. The certificate needs to be in Base64 format and you will need the public root certificate of your CA.
- Upload the certificate and the root certificate to the `/tmp/cert` folder
- Continue the dialog (option 1) or, if some time has passed in between, you can start all over again and select option 2 after starting the certificate manager instead of option 1.
- Now you have to state the paths to the Certificate, the Key and the root certificate of your CA
- When this is done, the wizard will install the certificate. This takes a while and will reconfigure and restart almost all services.
Tested on vCenter 6.5 and vCenter 6.7
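
Before giving the wizard the three paths, the uploaded files can be checked against the requirements from the steps above: Base64 (PEM) encoding, a certificate that belongs to the generated key, the CA root, and the server's FQDN. This is an added example, not part of the original post or of VMware's tooling; it assumes `openssl` is available in the shell, and all function names and the file arguments are hypothetical.

```shell
#!/bin/bash
# Added example (not from the original post): pre-flight checks for the files
# the certificate manager asks for. All function names here are hypothetical.

check() {  # check <description> <command...>: run the command, record a failure
    local desc=$1; shift
    if "$@" >/dev/null 2>&1; then echo "OK    $desc"; else echo "FAIL  $desc"; fail=1; fi
}

is_pem_cert() {  # Base64 (PEM) armour present and the certificate parses
    grep -q -- '-----BEGIN CERTIFICATE-----' "$1" && openssl x509 -in "$1" -noout
}

key_matches() {  # public key in the certificate equals the one derived from the key
    local from_cert from_key
    from_cert=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    from_key=$(openssl pkey -in "$2" -pubout) || return 1
    [ -n "$from_cert" ] && [ "$from_cert" = "$from_key" ]
}

chain_ok() {  # certificate verifies against the CA root
    openssl verify -CAfile "$2" "$1" | grep -q ': OK$'
}

host_matches() {  # FQDN is covered by the certificate (SAN, or CN if no SAN)
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match certificate'
}

# check_cert_bundle <certificate> <private key> <CA root> <FQDN>
check_cert_bundle() {
    local cert=$1 key=$2 ca=$3 fqdn=$4 fail=0
    check "certificate is PEM (Base64) encoded"    is_pem_cert "$cert"
    check "CA root certificate is PEM encoded"     is_pem_cert "$ca"
    check "certificate belongs to the private key" key_matches "$cert" "$key"
    check "certificate chains to the CA root"      chain_ok "$cert" "$ca"
    check "certificate is valid for $fqdn"         host_matches "$cert" "$fqdn"
    return "$fail"
}

# Run directly with four arguments, e.g. the three uploaded files plus the FQDN.
if [ "$#" -eq 4 ]; then check_cert_bundle "$@"; fi
```

Any `FAIL` line means the wizard would be handed a file that does not meet the requirements above, so it is cheaper to fix it before the services are reconfigured and restarted.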