Retrieve the certificate chain file created by the Certificate Generation Tool (root64.cer). If the certificate chain has more than certificate, split the chain into multiple files such that each file has a single certificate.

If the root64.cer file is not available, obtain the certificate chain from vCenter Server by following steps 1 and 2 below. Ignore these steps if you have this file.


  1. SSH in to the SDDC Manager Controller VM.
  2. Type the following command.
    echo | openssl s_client -connect \
    vCenterHostName.local:443 \
    -showcerts -no_ign_eof > root64.cer

    The root64.cer file contains the certificates between the BEGIN and END lines.

  3. Save the root64.cer file in VI.
    :set ff=dos

    The file is saved as a DOS formatted file.

  4. Ignore the first section in the file. This is the server certificate, which is not part of the certificate chain. Save each subsequent section in a separate file. Note that the last certificate in the file is the root CA certificate while the other certificates are subordinate CA certificates.