After you use the VMware Validated Design Certificate Generation Utility (CertGenVVD) to generate certificates for the SDDC management components, replace the default VMware-signed certificate on vSphere Data Protection in Region B with the certificate that is generated by CertGenVVD.


Generate the Microsoft CA-signed certificate by using the CertGenVVD tool. See Use the Certificate Generation Utility to Generate Certificates Automatically in Region A.


  1. Copy the .keystore file that CertGenVVD tool generated to the /root folder on the vSphere Data Protection virtual appliance.

    You can use scp, FileZilla or WinSCP.

  2. Log in to the vSphere Data Protection appliance.
    1. Open an SSH connection to the virtual machine mgmt01vdp51.lax01.rainpole.local.
    2. Log in using the following credentials.



      User name




  3. Restart all vSphere Data Protection services by running the following commands.
    dpnctl stop all
    dpnctl start all
  4. Run the script to update the vSphere Data Protection server thumbprint displayed in the VM console welcome screen.