You can specify one or more component for certificate replacement.

The management domain contains the following VMs:

  • 2 PSC VMs

  • 1 vCenter Server VM

  • 1 NSX Manager VM

  • 3 vRealize Log Insight VMs

  • 1 SDDC Manager VM

Each workload domain contains 1 vCenter Server VM and 1 NSX Manager VM.

It is recommended that you replace the certificates on a workload domain right after you create a new workload domain (both vCenter Server and NSX Manager).

From then on, you can replace certificates as appropriate - all certificates for the management domain or workload domain, or some certificates on one or more domain. The following sections have some example configuration files.

Replace vCenter Server and NSX Manager Certificates on a Workload Domain

{
  "replacementScope" : {
				"replaceWorkloadDomain" : ["DomainName"],
  },
  "certificateDefaults" : {
    "countryName" : "US",
    "stateOrProvinceName" : "California",
    "localityName" : "Palo Alto",
    "organizationName" : "VMWare Inc.",
    "organizationUnitName" : "VMware IT department",
    "keySize" : 4096
  }
}

You can specify more than one workload domain.

Replace vRealize Log Insight Certificates on the Management Domain

{
  "replacementScope" : {
    "replaceManagementDomain" : true,
    "replaceComponents" : ["LOGINSIGHT"]
  },
  "certificateDefaults" : {
    "countryName" : "US",
    "stateOrProvinceName" : "California",
    "localityName" : "Palo Alto",
    "organizationName" : "VMWare Inc.",
    "organizationUnitName" : "VMware IT department",
    "keySize" : 4096
  }
}

Replace NSX Manager Certificate on a Workload Domain

{
  "replacementScope" : {
				"replaceWorkloadDomain" : ["DomainName"],
    "replaceComponents" : ["NSX"]
  },
  "certificateDefaults" : {
    "countryName" : "US",
    "stateOrProvinceName" : "California",
    "localityName" : "Palo Alto",
    "organizationName" : "VMWare Inc.",
    "organizationUnitName" : "VMware IT department",
    "keySize" : 4096
  }
}

You can specify more than one workload domain.