By default, virtual infrastructure management components use TLS/SSL certificates that are signed by the VMware Certificate Authority (VMCA). In this design, you replace user-facing certificates with certificates that are signed by a Microsoft Certificate Authority (CA).
About this task
Infrastructure administrators connect to different SDDC components, such as vCenter Server systems or a Platform Services Controller from a Web browser to perform configuration, management and troubleshooting. The authenticity of the network node to which the administrator connects must be confirmed with a valid TLS/SSL certificate.
You can use other Certificate Authorities according to the requirements of your organization. You do not replace certificates for machine-to-machine communication. If necessary, you can manually mark these certificates as trusted. You will be replacing the certificates in the following order
Management vCenter Server
Compute vCenter Server
Management NSX Manager
Compute NSX Manager