You can use the SDDC Manager UI to manage certificates in a VMware Cloud Foundation instance, including integrating a certificate authority, generating and submitting certificate signing requests (CSR) to a certificate authority, and downloading and installing certificates.
Starting with VMware Cloud Foundation 5.2.1, you can also manage certificates using the vSphere Client.
This section provides instructions for using the SDDC Manager UI to:
- Use OpenSSL as a certificate authority, which is a native option in SDDC Manager.
- Integrate with Microsoft Active Directory Certificate Services.
- Provide signed certificates from another external Certificate Authority.
You can manage the certificates for the following components.
- vCenter Server
- NSX Manager
- VMware Avi Load Balancer (formerly known as NSX Advanced Load Balancer)
- SDDC Manager
- VMware Aria Suite Lifecycle
Note: Use VMware Aria Suite Lifecycle to manage certificates for the other VMware Aria Suite components.
You replace certificates for the following reasons:
- A certificate has expired or is nearing its expiration date.
- A certificate has been revoked by the issuing certificate authority.
- You do not want to use the default VMCA-signed certificates.
- Optionally, when you create a new workload domain.
It is recommended that you replace all certificates after completing the deployment of the VMware Cloud Foundation management domain. After you create a new VI workload domain, you can replace certificates for the appropriate components as needed.
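To find certificates that meet the replacement reasons listed above, you can triage exported PEM files with OpenSSL. This is an added example, not VMware code: the function names, the sample certificate, and the issuer strings are constructed for illustration. Revocation is not checked, because that requires reaching the CA's CRL or OCSP responder.

```shell
#!/bin/sh
# Added example: triage a PEM certificate against the replacement reasons.
# Usage: cert_replace_reason <pem-file> <warn-days> <expected-issuer-substring>
# Prints one verdict: unreadable | expired | expiring | issuer-mismatch | ok
cert_replace_reason() {
    pem=$1; warn_days=$2; want_issuer=$3

    # Fail closed if the file is not a parseable X.509 certificate.
    openssl x509 -in "$pem" -noout >/dev/null 2>&1 || { echo unreadable; return 0; }

    # -checkend N exits non-zero when notAfter falls within the next N seconds.
    if ! openssl x509 -in "$pem" -noout -checkend 0 >/dev/null 2>&1; then
        echo expired; return 0
    fi
    if ! openssl x509 -in "$pem" -noout -checkend $((warn_days * 86400)) >/dev/null 2>&1; then
        echo expiring; return 0
    fi

    # RFC2253 output gives one stable issuer format across OpenSSL versions.
    issuer=$(openssl x509 -in "$pem" -noout -issuer -nameopt RFC2253)
    case $issuer in
        *"$want_issuer"*) echo ok ;;
        *) echo issuer-mismatch ;;
    esac
}

# Constructed sample input: a self-signed certificate valid for 30 days.
# The hostname and organization are placeholders, not real VCF values.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/O=Constructed Sample CA/CN=sddc-manager.example.test" \
        -keyout "$1.key" -out "$1" >/dev/null 2>&1
}

sample=$(mktemp)
make_sample_cert "$sample"
cert_replace_reason "$sample" 60 "O=Constructed Sample CA"   # inside the 60-day window
cert_replace_reason "$sample" 7  "O=Constructed Sample CA"   # valid, expected issuer
cert_replace_reason "$sample" 7  "O=Corporate Issuing CA"    # valid, unexpected issuer
rm -f "$sample" "$sample.key"
```

Pass a substring of the issuer name of the certificate authority you integrated. A certificate still signed by a different issuer, such as the default VMCA, then reports `issuer-mismatch`.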