VMware Validated Design Certificate Replacement provides step-by-step instructions about replacing certificates on all management components of a running Software-Defined Data Center (SDDC) whose design follows this VMware Validated Design™ for Software-Defined Data Center.

In an SDDC, the security of the environment depends on the validity and trust of the management certificates. As a best practice, you replace management certificates in the following cases:

  • Before certificates expire.
  • When a certificate is compromised.
  • When the attributes related to a certificate change.

    Ex: The host name or the organization name.

The certificate replacement process consists of the following phases:

  1. Obtain certificates for the management components that are signed by a custom certificate authority (CA)
    1. Use the VMware Validated Design Certificate Generation utility to automatically generate the certificates for all components.
    2. Manually generate Certificate Signing Requests (CSRs) and request CA-signed certificates providing the CSRs to the CA.

  2. Replace the certificates in the live SDDC environment.

Intended Audience

The VMware Validated Design Certificate Replacement documentation is intended for cloud architects, infrastructure administrators, cloud administrators and cloud operators who are familiar with and want to use VMware software to deploy in a short time and manage an SDDC that meets the requirements for capacity, scalability, backup and restore, and disaster recovery.

Required Software

VMware Validated Design Certificate Replacement is compliant and validated with certain product versions. See VMware Validated Design Release Notes for more information about supported product versions.

Update History

This VMware Validated Design Certificate Replacement is updated with each release of the product or when necessary.
Revision Description
24 AUG 2020 At VMware, we value inclusion. To foster this principle within our customer, partner, and internal community, we are replacing some of the terminology in our content. We have updated this guide to remove instances of non-inclusive language.
03 SEP 2019 Initial release.