After renewing the vCenter Server Lookup service certificate on a Platform Services Controller instance that is used as a replication or a migration source or destination, you must configure the VMware Cloud Director Availability components to trust the renewed certificate.

Prerequisites

  • Verify that the SSL certificate of the Platform Services Controller certificate is successfully renewed, and that the vCenter Server Lookup service is updated to use the renewed certificate. For information about replacing the SSL certificate on a Platform Services Controller, see VMware KB 2118939.
  • Verify that all components in your environment that depend on the vCenter Server registration in the vCenter Server Lookup service are configured to trust the renewed certificate. An example of such a component is NSX Manager.

Procedure

  1. Configure the Replicator Service to work with the renewed Platform Services Controller certificate.
    Repeat this step for all Replicator Service instances.
    1. In a Web browser, go to the Replicator Service management interface at https://Replicator-Appliance-IP:8440/ui/admin.
    2. Log in as the root user.
    3. In the left pane, click Settings.
    4. Under Service endpoints, next to Lookup service address click Edit.
    5. In the Lookup Service Details dialog box, enter the vCenter Server Lookup service address and click Apply.
      The details of the renewed vCenter Server Lookup service certificate appear.
    6. Verify the thumbprint and accept the renewed vCenter Server Lookup service certificate.
    7. In the left pane, click System Health.
    8. To complete the Replicator Service configuration, click Restart service.
  2. Configure the Manager Service to work with the renewed Platform Services Controller certificate.
    Repeat this step for all Manager Service instances.
    1. In a Web browser, go to the Manager Service service management interface at https://Replication-Manager-IP-address:8441/ui/admin.
    2. Log in as the root user.
    3. In the left pane, click Settings.
    4. Under Service endpoints, next to Lookup service address click Edit.
    5. In the Lookup Service Details dialog box, enter the vCenter Server Lookup service address and click Apply.
      The details of the renewed vCenter Server Lookup service certificate appear.
    6. Verify the thumbprint and accept the renewed vCenter Server Lookup service certificate.
    7. In the left pane, click System Health.
    8. To complete the Manager Service configuration, click Restart service.
  3. Configure the Cloud Service to work with the renewed Platform Services Controller certificate.
    Repeat this step for all Cloud Service instances.
    1. In a Web browser, go to the Cloud Service management interface at https://Cloud-Replication-Management-IP-address/ui/admin.
    2. Log in as the root user.
    3. In the left pane under Configuration, click Settings.
    4. Under Service endpoints, next to Lookup service address click Edit.
    5. In the Lookup Service Details dialog box, enter the vCenter Server Lookup service address and click Apply.
      The details of the renewed vCenter Server Lookup service certificate appear.
    6. Verify the thumbprint and accept the renewed vCenter Server Lookup service certificate.
    7. In the left pane, click System Health.
    8. To complete the Cloud Service configuration, click Restart service.
  4. If you are using a single sign-on login to Tunnel Service, configure the Tunnel Service to work with the renewed Platform Services Controller certificate.
    Repeat this step for all Tunnel Service instances.
    1. In a Web browser, go to the Tunnel Service management interface at https://Tunnel-Appliance-IP:8047/ui/admin.
    2. Log in as the root user.
    3. In the left pane, click Settings.
    4. Under Service endpoints, next to Lookup service address click Edit.
    5. In the Lookup Service Details dialog box, enter the vCenter Server Lookup service address and click Apply.
      The details of the renewed vCenter Server Lookup service certificate appear.
    6. Verify the thumbprint and accept the renewed vCenter Server Lookup service certificate.
    7. In the left pane, click System Health.
    8. To complete the Tunnel Service configuration, click Restart service.