If you decide to use a new VMCA root certificate, and you unpublish the VMCA root certificate that was used when you provisioned your environment, you must replace the machine SSL certificates, solution user certificates, and certificates for some internal services.

Before you begin

Request a certificate for vmdir from your third-party or enterprise CA.

About this task

If you unpublish the VMCA root certificate, you must replace the SSL Signing Certificate that is used by vCenter Single Sign-On. See Refresh the Security Token Service Certificate. You must also replace the VMware Directory Service (vmdir) certificate.

Procedure

  1. Stop vmdir.

    Linux

    service-control --stop vmdird
    

    Windows

    service-control --stop VMWareDirectoryService
  2. Copy the certificate and key that you just generated to the vmdir location.

    Linux

    cp vmdir.crt /usr/lib/vmware-vmdir/share/config/vmdircert.pem
    cp vmdir.priv /usr/lib/vmware-vmdir/share/config/vmdirkey.pem
    

    Windows

    copy vmdir.crt C:\programdata\vmware\vCenterServer\cfg\vmdird\vmdircert.pem
    copy vmdir.priv C:\programdata\vmware\vCenterServer\cfg\vmdird\vmdirkey.pem
    
  3. Restart vmdir from the vSphere Web Client or using the service-control command.

    Linux

    service-control --start vmdird
    

    Windows

    service-control --start VMWareDirectoryService
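
vmdir stays down between steps 1 and 3, so a certificate and key that do not belong together are cheaper to catch before the service is stopped. The Linux shell check below is an added example, not part of the original procedure. It assumes the `openssl` command is available and that the files are named `vmdir.crt` and `vmdir.priv` as in step 2; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight check of the replacement vmdir certificate and key.
# Assumes openssl is installed; vmdir.crt / vmdir.priv are the names from step 2.

# SHA-256 of the DER-encoded public key embedded in a certificate.
cert_pubkey_digest() {
    openssl x509 -in "$1" -noout -pubkey 2>/dev/null |
        openssl pkey -pubin -outform DER 2>/dev/null |
        openssl dgst -sha256 | awk '{print $NF}'
}

# SHA-256 of the DER-encoded public key derived from a private key.
key_pubkey_digest() {
    openssl pkey -in "$1" -pubout -outform DER 2>/dev/null |
        openssl dgst -sha256 | awk '{print $NF}'
}

# Return codes: 0 ok, 2 unreadable certificate, 3 unreadable key,
# 4 certificate expires within 24 hours, 5 certificate and key do not match.
check_vmdir_pair() {
    cert=$1
    key=$2
    openssl x509 -in "$cert" -noout 2>/dev/null ||
        { echo "unreadable certificate: $cert" >&2; return 2; }
    openssl pkey -in "$key" -noout 2>/dev/null ||
        { echo "unreadable private key: $key" >&2; return 3; }
    openssl x509 -in "$cert" -noout -checkend 86400 >/dev/null 2>&1 ||
        { echo "certificate expires within 24 hours: $cert" >&2; return 4; }
    [ "$(cert_pubkey_digest "$cert")" = "$(key_pubkey_digest "$key")" ] ||
        { echo "certificate and key do not match" >&2; return 5; }
    return 0
}

# Run the check when both files from step 2 are in the current directory.
if [ -f vmdir.crt ] && [ -f vmdir.priv ]; then
    if check_vmdir_pair vmdir.crt vmdir.priv; then
        echo "vmdir.crt and vmdir.priv match; continue with step 1"
    else
        echo "do not stop vmdir until the files are corrected" >&2
    fi
fi
```

Run it from the directory that holds the new files before step 1; a non-zero return code from `check_vmdir_pair` identifies which check failed.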