Replace the certificates of the pair of Platform Services Controller instances in Region B, for example, if the certificates have expired. Reconnect the Platform Services Controller pair to the vCenter Server and NSX Manager instances to update the certificates for vCenter Single Sign-on on these components.
Procedure
Direct Traffic to Compute Platform Services Controller in Region B Before you replace the certificate of the Platform Services Controller pair in Region B, disable the Platform Services Controller for the management cluster lax01m01psc01.lax01.rainpole.local in the load balancer to route all traffic to the Platform Services Controller for the shared edge and compute cluster lax01w01psc01.lax01.rainpole.local .
Replace the Platform Services Controller Certificates in Region B To establish a trusted connection with the other SDDC management components, you replace the machine SSL certificate on each Platform Services Controller instance in Region B with a custom certificate signed by the certificate authority (CA) available on the parent Active Directory (AD) server or on the intermediate Active Directory (AD) server.
Update Platform Services Controller Certificates on the Management Components in Region B After you replace the certificates on the Platform Services Controller instances in Region B, update the certificates on the vCenter Server and NSX Manager instances.
Re-Enable Compute Platform Services Controller on the Load Balancer in Region B After you replace the certificate on the Platform Services Controller instances in Region B, reenable load balancing the network traffic between them.
What to do next
If you replace the certificates of vCenter Server after those of the Platform Services Controllers, see Replace vCenter Server Certificates in Region B .