If VMCA assigns certificates to your ESXi hosts (6.0 and later), you can renew those certificates from the vSphere Web Client. You can also refresh all certificates from the TRUSTED_ROOTS store associated with vCenter Server.
You can renew your certificates when they are about to expire, or if you want to provision the host with a new certificate for other reasons. If the certificate is already expired, you must disconnect the host and reconnect it.
By default, vCenter Server renews the certificates of a host with status Expired, Expiring immediately, or Expiring each time the host is added to the inventory, or reconnected.
- Browse to the host in the vSphere Web Client inventory.
- Click the Manage tab and click Settings.
- Select System, and click Certificate.
You can view detailed information about the selected host's certificate.
- Click Renew or Refresh CA Certificates.
Option Description Renew Retrieves a fresh signed certificate for the host from VMCA. Refresh CA Certificates Pushes all certificates in the TRUSTED_ROOTS store in the vCenter Server VECS store to the host.
- Click Yes to confirm.