To enable single sign-on user authentication to the VMware Cloud Director Availability services, or after replacing the vCenter Server Lookup service certificate that is used as a replication or a migration source or destination, configure the VMware Cloud Director Availability services to trust the updated certificate.

  • By default, only the Replicator Service instances allow single sign-on user authentication. To allow single sign-on for the remaining services, configure them with the address of the vCenter Server Lookup service.
  • After replacing the SSL certificate of the vCenter Server Lookup service, you must update all VMware Cloud Director Availability services configured with the vCenter Server Lookup service to trust the updated certificate.

Prerequisites

  • Verify that the SSL certificate is successfully renewed, and that the vCenter Server Lookup service is updated to use the renewed certificate.
  • Verify that all infrastructure components in your environment that depend on the vCenter Server registration in the vCenter Server Lookup service are configured to trust the renewed certificate. An example of such a component is NSX Manager.

Procedure

  1. Configure the Replicator Service instance to work with the renewed vCenter Server Lookup service certificate.
    Repeat this step for all Replicator Service instances.
    1. In a Web browser, go to the Replicator Service management interface at https://Replicator-Appliance-IP-address/ui/admin.
    2. Log in as the root user.
    3. In the left pane, click Settings.
    4. Under Service endpoints, next to Lookup service address click Edit.
    5. In the Lookup Service Details dialog box, enter the vCenter Server Lookup service address and click Apply.
      The details of the vCenter Server Lookup service certificate appear.
    6. Verify the thumbprint and accept the renewed vCenter Server Lookup service certificate.
    7. In the left pane, click System Health.
    8. To complete the Replicator Service configuration, click Restart service.
  2. (Optional) If you are using a single sign-on login to the Cloud Service, configure it to work with the renewed vCenter Server Lookup service certificate.
    1. In a Web browser, go to the Cloud Service management interface at https://Cloud-Replication-Management-IP-address/ui/admin.
    2. Log in as the root user.
    3. In the left pane under Configuration, click Settings.
    4. Under Service endpoints, next to Lookup Service Address click Edit.
    5. In the Lookup Service Details dialog box, enter the vCenter Server Lookup service address and click Apply.
      The details of the vCenter Server Lookup service certificate appear.
    6. Verify the thumbprint and accept the renewed vCenter Server Lookup service certificate.
    7. In the left pane, click System Health.
    8. To complete the Cloud Service configuration, click Restart service.
  3. (Optional) If you are using a single sign-on login to the Manager Service, configure it to work with the renewed vCenter Server Lookup service certificate.
    1. In a Web browser, go to the Manager Service management interface at https://Cloud-Replication-Management-IP-address:8441/ui/admin.
    2. Log in as the root user.
    3. In the left pane, click Settings.
    4. Under Service endpoints, next to Lookup Service Address click Edit.
    5. In the Lookup Service Details dialog box, enter the vCenter Server Lookup service address and click Apply.
      The details of the vCenter Server Lookup service certificate appear.
    6. Verify the thumbprint and accept the renewed vCenter Server Lookup service certificate.
    7. In the left pane, click System Health.
    8. To complete the Manager Service configuration, click Restart service.
  4. (Optional) If you are using a single sign-on login to the Cloud Tunnel Appliance, configure the Tunnel Service to work with the renewed vCenter Server Lookup service certificate.
    1. In a Web browser, go to the Cloud Tunnel Appliance management interface at https://Tunnel-Appliance-IP-address/ui/admin.
    2. Log in as the root user.
    3. In the left pane, click Settings.
    4. Under Service endpoints, next to Lookup Service Address click Edit.
    5. In the Lookup Service Details dialog box, enter the vCenter Server Lookup service address and click Apply.
      The details of the vCenter Server Lookup service certificate appear.
    6. Verify the thumbprint and accept the renewed vCenter Server Lookup service certificate.
    7. In the left pane, click System Health.
    8. To complete the Tunnel Service configuration, click Restart service.
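
The "Verify the thumbprint" step in each service above is only meaningful when the value in the dialog box is compared with a thumbprint computed from a trusted copy of the renewed certificate. The following is an added example, not part of the VMware documentation or product: it assumes that you hold the renewed certificate as a PEM file, that the dialog shows a hex SHA-1 or SHA-256 digest of the DER-encoded certificate, and that the first certificate in the file is the Lookup service certificate. All function names are hypothetical.

```python
import hashlib
import hmac
import re
import ssl

# Assumption: the dialog shows a hex SHA-1 (40 digits) or SHA-256 (64 digits)
# digest of the DER-encoded certificate, with optional ':' or space separators.
ALGO_BY_HEX_LEN = {40: "sha1", 64: "sha256"}
PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", re.S)


def normalize(thumbprint: str) -> str:
    """Return the thumbprint as bare lowercase hex, or raise ValueError."""
    hexed = re.sub(r"[:\s]", "", thumbprint).lower()
    if len(hexed) not in ALGO_BY_HEX_LEN or not re.fullmatch(r"[0-9a-f]+", hexed):
        raise ValueError("not a SHA-1 or SHA-256 hex thumbprint")
    return hexed


def leaf_der(pem_text: str) -> bytes:
    """DER bytes of the first certificate in a PEM file (assumed to be the leaf)."""
    block = PEM_BLOCK.search(pem_text)
    if block is None:
        raise ValueError("no PEM certificate found")
    return ssl.PEM_cert_to_DER_cert(block.group(0))


def thumbprint_matches(trusted_pem: str, displayed: str) -> bool:
    """True if the dialog's thumbprint is the digest of the trusted certificate."""
    shown = normalize(displayed)
    algo = ALGO_BY_HEX_LEN[len(shown)]
    actual = hashlib.new(algo, leaf_der(trusted_pem)).hexdigest()
    return hmac.compare_digest(actual, shown)


if __name__ == "__main__":
    # Constructed stand-in bytes, not a real certificate: the thumbprint is a
    # digest of the raw DER bytes, so any byte string exercises the check.
    der = bytes(range(64))
    pem = ssl.DER_cert_to_PEM_cert(der)
    digest = hashlib.sha256(der).hexdigest().upper()
    shown = ":".join(digest[i:i + 2] for i in range(0, 64, 2))
    print(thumbprint_matches(pem, shown))
```

Accept the certificate in the dialog box only when the check returns True for the file issued during the renewal; a mismatch means the service is being presented a different certificate than the one you installed.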