You can replace your signed certificates when they expire.

For production environments, VMware strongly recommends that you replace the default certificate as soon as possible. The default TLS/SSL server certificate that is generated when you deploy an Access Point appliance is not signed by a trusted Certificate Authority.


  • New signed certificate and private key saved to a computer that you can access
  • Convert the certificate to PEM-format files and convert the .pem to one-line format. See Convert Certificate Files to One-Line PEM Format.


  1. In the administration console, click Select.
  2. In the Advanced Settings section, click the SSL Server Certificate Settings gearbox icon.
  3. In the Private Key row, click Select and browse to the private key file.
  4. Click Open to upload the file.
  5. In the Certificate Chain row, click Select and browse to the certificate chain file.
  6. Click Open to upload the file.
  7. Click Save.

What to do next

If the CA that signed the certificate is not well known, configure clients to trust the root and intermediate certificates.