You can manage certificates for all user interface and API endpoints in a VMware Cloud Foundation instance. This includes integrating a certificate authority, generating certificate signing requests (CSRs) and submitting them to a certificate authority, and downloading and installing certificates.
This section provides instructions for using any of the following options:
- OpenSSL as a certificate authority, which is a native option in SDDC Manager.
- Integration with Microsoft Active Directory Certificate Services.
- Signed certificates provided by another external certificate authority.
You can manage the certificates for the following components.
- vCenter Server
- NSX Manager
- SDDC Manager
- VxRail Manager
- vRealize Suite Lifecycle Manager
Note: Use vRealize Suite Lifecycle Manager to manage certificates for the other vRealize Suite components.
You replace certificates for the following reasons:
- A certificate has expired or is nearing its expiration date.
- A certificate has been revoked by the issuing certificate authority.
- You do not want to use the default VMCA-signed certificates.
- Optionally, when you create a new workload domain.
It is recommended that you replace all certificates after completing the deployment of the VMware Cloud Foundation management domain. After you create a new VI workload domain, you can replace certificates for the appropriate components as needed.