The security of your environment depends on the validity and trust of the SDDC component certificates. After you deploy and configure the HCX Connector appliance to your VMware Cloud Foundation instance, you replace the component certificate if the certificate is expiring or compromised, or some of the certificate attributes, such as the host or organization name, must be changed.
For information on the certificate management design for the Cloud-Based Workload Protection for VMware Cloud Foundation validated solution, see Certificate Management Design for Cloud-Based Workload Protection for VMware Cloud Foundation.
Replace the Certificate of the HCX Connector Appliance for Cloud-Based Workload Protection for VMware Cloud Foundation
If the HCX Connector Appliance certificate is expiring or compromised, or some of the certificate attributes, such as the host or organization name, must be changed, you update the HCX Connector Appliance.
The certificate replacement for the HCX Connector appliance consists of two phases: obtaining the HCX Connector appliance certificate and then replacing the certificate on the appliance. You can generate the certificate either automatically or manually.
Procedure
- Obtain the certificate for the HCX Connector appliance that is signed by a certificate authority (CA).
  - Automatic Process: Use the Certificate Generation Utility for VMware Validated Solutions to automatically generate the certificate for the HCX Connector appliance.
  - Manual Process: Manually generate Certificate Signing Requests (CSRs) and request a CA-signed certificate by providing the CSRs to the CA.
- Replace the certificate on the HCX Connector appliance.
Note: For step-by-step instructions on replacing the HCX Connector appliance certificate, see Replace the Certificate of the HCX Connector Appliance for Cloud-Based Workload Protection for VMware Cloud Foundation.
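The manual process above, sketched with OpenSSL as an added example (not VMware's procedure or tooling): it generates the key and CSR, then checks the CA's reply for chain, key match, host name and remaining lifetime before the certificate is installed. The FQDN, organization, file names and the throwaway CA that stands in for your real CA are all assumptions.

```shell
#!/usr/bin/env bash
# Added example. FQDN, organization and file names are placeholders, and the
# throwaway CA below only stands in for your real certificate authority.
set -eu
HCX_FQDN="hcx-connector.example.local"
ORG="Example Org"

make_csr() {      # $1 = work dir: new private key + CSR with CN and SAN set
  openssl req -new -newkey rsa:2048 -nodes -keyout "$1/hcx.key" \
    -out "$1/hcx.csr" -subj "/O=$ORG/CN=$HCX_FQDN" \
    -addext "subjectAltName=DNS:$HCX_FQDN" 2>/dev/null
}

make_test_ca() {  # $1 = work dir: constructed CA, for this demo only
  openssl req -x509 -newkey rsa:2048 -nodes -days 730 -keyout "$1/ca.key" \
    -out "$1/ca.crt" -subj "/CN=Constructed Test CA" 2>/dev/null
}

sign_csr() {      # $1 = work dir, $2 = validity in days (the CA's side)
  printf 'subjectAltName=DNS:%s\n' "$HCX_FQDN" > "$1/ext.cnf"
  openssl x509 -req -in "$1/hcx.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -days "$2" -extfile "$1/ext.cnf" -out "$1/hcx.crt" 2>/dev/null
}

# Checks to run on the CA's reply before replacing the appliance certificate.
# Return codes: 1 = chain, 2 = key mismatch, 3 = host name, 4 = expiring soon.
check_cert() {    # $1 = work dir, $2 = minimum remaining lifetime in seconds
  openssl verify -CAfile "$1/ca.crt" "$1/hcx.crt" >/dev/null 2>&1 || return 1
  [ "$(openssl x509 -in "$1/hcx.crt" -noout -pubkey | openssl sha256)" = \
    "$(openssl pkey -in "$1/hcx.key" -pubout | openssl sha256)" ] || return 2
  openssl x509 -in "$1/hcx.crt" -noout -checkhost "$HCX_FQDN" \
    | grep -q "does match" || return 3
  openssl x509 -in "$1/hcx.crt" -noout -checkend "$2" >/dev/null || return 4
}

demo() {
  dir=$(mktemp -d)
  make_test_ca "$dir"; make_csr "$dir"; sign_csr "$dir" 365
  if check_cert "$dir" $((30 * 86400)); then
    echo "certificate ready to install"
  fi
  rm -rf "$dir"
}
demo
```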