You can generate a CSR and signed certificates and install them for selected resource components directly in the SDDC Manager Dashboard.

Prerequisites

Procedure

  1. In the SDDC Manager Dashboard, click Inventory > Workload Domains.
    The Workload Domains page displays information for all workload domains.
  2. In the list of domains, click the name of the workload domain to open the details page for that domain.
    The workload domain details page displays CPU, memory, and storage allocated to the domain.
  3. Select the Security Tab.
    This tab lists the default certificates, among other details, for the Cloud Foundation resource components. It also provides controls for working with certificates.
    Note: You can view the current certificate and key information for a component by clicking the down-arrow icon next to the name.
  4. Generate the CSR.
    1. Use the check boxes to select the resource components for which you want to generate the CSR.
    2. Click Generate CSRS.
      The Generate CSRs dialog box opens.
    3. Configure the following settings for the CSR.
      Option Description
      Algorithm Select the key type for the certificate. RSA (the default) is typically used. The key type defines the encryption algorithm for communication between the hosts.
      Key Size Select the key size (2048 bit, 3072 bit, or 4096 bit) from the drop-down menu.
      Email Optionally, enter a contact email address.
      Organizational Unit Use this field to differentiate between divisions within your organization with which this certificate is associated.
      Organization Type name under which your company is legally registered. The listed organization must be the legal registrant of the domain name in the certificate request.
      Locality Type the city or locality where your company is legally registered.
      State or Province Name Type the full name (do not abbreviate) of the state, province, region, or territory where your company is legally registered.
      Country Type the country name where your company is legally registered. This value must use the ISO 3166 country code.
    4. Click Generate CSR.
    The Generate CSRs dialog box closes. The Security tab displays a status of CSR Generation is in progress. When the CSR generation completes, the Generate Signed Certificates button becomes active.
  5. Generate the signed certificates.
    1. Leave all the resource components selected.
    2. Click Generate Signed Certificates.
      The Generate Signed Certificates dialog box appears, listing the selected components.
    3. For the Select Certificate Authority, select the desired authority, and click Generate Certificate.
    The Generate Signed Certificates dialog box closes. The Security tab displays a status of Certificates Generation is in progress. When the certificate generation completes, the Install Certificates button becomes active.
  6. Click Install Certificates.
    The Security tab displays a status of Certificates Installation is in progress.
    Note: As installation completes, the Certificates Installation Status column for each selected resource component in the list changes to Successful with a green check mark.
    Important: If you selected SDDC Manager as one of the resource components, you must manually restart SDDC Manager services to reflect the new certificate and to establish a successful connection between VMware Cloud Foundation services and other resources in the management domain.
  7. Restart all services using the provided sddcmanager_restart_services.sh script.
    To restart the service:
    1. Using SSH, log in to the SDDC Manager VM with the following credentials:
      User name: vcf

      Password: use the password specified in the deployment parameter workbook.

    2. Enter su to switch to the root user.
    3. Run the following command: 
      sh /opt/vmware/vcf/operationsmanager/scripts/cli/sddcmanager_restart_services.sh