Replace the SSL certificate of the appliance

In an on-premises or in a cloud vCenter Server site, to replace the SSL certificate of the VMware Cloud Director Availability appliance, use its service management interface.

This procedure applies for any of the following appliance roles:

On-premises appliances roles:
- On-Premises to Cloud Director Replication Appliance
- On-Premises to Cloud vCenter Replication Appliance

Provider appliances:
- vCenter Replication Management Appliance
- For information about replacing the Replicator Appliance certificate, see Replace the SSL certificate of the Replicator Service.

For information about replacing the certificates in a cloud site backed by VMware Cloud Director, see Certificates management in the Cloud Director site.

Procedure

Log in to the management interface of the VMware Cloud Director Availability appliance.
1. In a Web browser, go to https://Appliance-IP-Address/ui/admin.
2. Select Appliance login or SSO login and enter the root or the single sign-on user credentials.
3. Click Login.
In the left pane, click Settings.
Under Appliance settings, next to Certificate replace the appliance certificate and click Apply.
- To import an SSL certificate, click Import and in the Import Certificate window, enter the certificate details.
1. Enter the password that protects the keystore and the certificate private key.
2. Click Browse and select the PKCS#12 file.
- Alternatively, to generate a new self-signed certificate, click Regenerate.
After replacing the certificate, the VMware Cloud Director Availability services that run in the appliance restart.

After replacing the certificate, redeploy the VMware Cloud Director Availability vSphere Client Plug-In by reapplying the vCenter Server Lookup service address.

Under Service endpoints, next to Lookup Service Address click Edit.
Enter the single-sign-on user credentials and click Apply.

Option	Description
SSO Admin Username	Enter the vSphereadministrator user name for the vCenter Server Lookup service that belongs to the ADMINISTRATORS group.
Password	Enter the vSphereadministrator user password for the vCenter Server Lookup service.

After replacing either or both of their certificates, repair the On-Premises to Cloud vCenter Replication Appliance and the vCenter Replication Management Appliance.

Skip this step after replacing the certificate of the On-Premises to Cloud Director Replication Appliance.

After replacing the local site certificate, to re-establish the trust log in to the appliance management interface of the remote site.
In the left pane, click Settings.
Under Site settings next to Pairing, click Repair.

To re-establish the trust with the site that has a replaced certificate, in the Update Pairing window confirm the Public Service Endpoint.

Option	Description
Service Endpoint	Enter the address of the Public Service Endpoint:443 of the remote VMware Cloud Director Availability appliance. Alternatively, enter port 8048 when both VMware Cloud Director Availability appliances reside in the same network.
Description	Optionally, enter a description for this vSphere site as an identifier.

Verify the thumbprint and accept the SSL certificate of the Public Service Endpoint in the remote vCenter Server site.

To re-establish the trust after replacing the remote site certificate, log in to the local site appliance management interface and repeat this step.