You can manage certificates for all external-facing VMware Cloud Foundation component resources, including configuring a certificate authority, generating and downloading CSRs, and installing them. This section provides instructions for using either the built-in OpenSSL Certificate Authority, which is part of SDDC Manager, or a Microsoft Certificate Authority.
You can manage the certificates for the following components.
- vCenter Server
- NSX Manager
- SDDC Manager
- vRealize Suite Lifecycle Manager
- Certificate has expired or is close to expiring.
- Certificate has been revoked.
- You do not want to use the default VMCA certificate.
- Optionally, when you create a new workload domain.
However, it is recommended that you replace all certificates right after deploying VMware Cloud Foundation. After you create new workload domains, you can replace certificates for the appropriate components as needed.