You can add custom Machine SSL certificates and custom solution user certificates to the certificate store from the Platform Services Controller.

In most cases, replacing the machine SSL certificate for each component is sufficient. The solution user certificate remains behind a proxy.

Prerequisites

Generate certificate signing requests (CSRs) for each certificate that you want to replace. You can generate the CSRs with the Certificate Manager utility. Place the certificate and private key in a location that the Platform Services Controller can access.

Procedure

  1. From a Web browser, connect to the Platform Services Controller at https://psc_hostname_or_IP/psc.
    In an embedded deployment, the Platform Services Controller host name or IP address is the same as the vCenter Server host name or IP address.
  2. Specify the user name and password for [email protected] or another member of the vCenter Single Sign-On Administrators group.
    If you specified a different domain during installation, log in as administrator@ mydomain.
  3. To replace a machine certificate, follow these steps:
    1. Under Certificates, click Certificate Management.
    2. Select the Machine Certificates tab and click the certificate that you want to replace.
    3. Click Replace, and click Browse to replace the certificate chain, then click Browse to replace the private key.
  4. To replace the solution user certificates, follow these steps:
    1. Select the Solution User Certificates tab and click the first of the four certificates for a component, for example, machine.
    2. Click Replace, and click Browse to replace the certificate chain, then click Browse to replace the private key.
    3. Repeat the process for the other three certificates for the same component.

What to do next

Restart services on the Platform Services Controller. You can either restart the Platform Services Controller, or run the following commands from the command line:

Windows

On Windows, the service-control command is located at VCENTER_INSTALL_PATH\bin. 

service-control --stop --all 
service-control --start VMWareAfdService 
service-control --start VMWareDirectoryService 
service-control --start VMWareCertificateService
vCenter Server Appliance 
service-control --stop --all
service-control --start vmafdd 
service-control --start vmdird 
service-control --start vmcad