If the user-facing certificates of the management components in the Consolidated SDDC are about to expire or are compromised, you replace them with certificates that are signed by a Microsoft certificate authority or another certificate authority. You start with Platform Services Controller, vCenter Server and ESXi because these components are connected to the components in the operations management and cloud management layers.

About this task

Infrastructure administrators connect to different SDDC components, such as vCenter Server or Platform Services Controller, from a Web browser to perform configuration, management and troubleshooting. The authenticity of the network node to which the administrator connects must be confirmed with a valid TLS/SSL certificate.

You do not replace certificates for machine-to-machine communication. If necessary, you can manually mark these certificates as trusted.