You can replace the certificate for the VMware Cloud Gateway when the certificate expires or when you want to use a certificate from another certificate provider.


Use this method of replacing the certificate only after Hybrid Linked Mode is enabled. If you need to replace the certificate on a VMware Cloud Gateway without Hybrid Linked Mode enabled, see Replace the Certificate for the VMware Cloud Gateway.

Generate certificate signing requests (CSRs) for each certificate you want to replace. Provide the CSR to your Certificate Authority. When the Certificate Authority returns the certificate, place it in a location that you can access from the VMware Cloud Gateway.


  1. In a web browser, go to http://cga-address/ui where cga-address is the IP address or FQDN of the VMware Cloud Gateway.
  2. Log in with your on-premises credentials.
  3. Navigate to the Certificate Management UI.
    1. From the Home menu, select Administration.
    2. Under Certificates, click Certificate Management.
  4. Enter your credentials and click Login and Manage Certificates.
  5. On the Machine SSL Certificate, select Actions > Replace.
  6. Click the browse button on the Certificate Chain and provide the path of the certificate chain file.
    This file should contain the machine SSL certificate, the Root CA certificate, and the entire chain of trust.
  7. Click the browse button on the private key and provide the private key for the certificate.
  8. Click Replace.

What to do next

When the certificate is successfully replaced, restart all services on the VMware Cloud Gateway. See