VMware Validated Design Certificate Replacement provides step-by-step instructions for replacing certificates on all management components of a running Software-Defined Data Center (SDDC) whose design follows this VMware Validated Design™ for Software-Defined Data Center.

In an SDDC, the security of the environment depends on the validity and trust of the management certificates. As a best practice, you replace management certificates in the following cases:

  • Before certificates expire.

  • When a certificate is compromised.

  • When the attributes related to a certificate change, for example, the host name or organization name.

The certificate replacement process consists of the following phases:

  1. Obtain certificates for the management components that are signed by a custom certificate authority (CA).

    1. Use the VMware Validated Design Certificate Generation utility to automatically generate the certificates for all components.

    2. Manually generate Certificate Signing Requests (CSRs) and request CA-signed certificates by providing the CSRs to the CA.

  2. Replace the certificates in the live SDDC environment.

Intended Audience

The VMware Validated Design Certificate Replacement documentation is intended for cloud architects, infrastructure administrators, cloud administrators and cloud operators who are familiar with VMware software and want to use it to deploy in a short time, and then manage, an SDDC that meets the requirements for capacity, scalability, backup and restore, and disaster recovery.

Required Software

VMware Validated Design Certificate Replacement is compliant and validated with certain product versions. See the VMware Validated Design Release Notes for more information about supported product versions.