You can replace the certificates for the following externally accessible Cloud Foundation components.

  • SDDC Manager

  • vCenter Server

  • Platform Services Controllers

  • NSX Manager

  • vRealize Log Insight

It is recommended that you replace all components right after deploying Cloud Foundation. After you create workload domains, you can replace certificates for the appropriate components.

To replace certificates, you first create a configuration file with the default certificate information for your company. You then generate new key pairs and certificates, and replace the default certificates with the new signed certificates.

Replacing signed certificates is a multi-step process and each step must be completed in the specified order.