If you want to use third-party certificates in your environment, you must add a trusted root certificate to the certificate store.

Prerequisites

Obtain the custom root certificate from your third-party or in-house CA.

Procedure

  1. From a Web browser, connect to the vSphere Web Client or the Platform Services Controller.

    Option

    Description

    vSphere Web Client

    https://vc_hostname_or_IP/vsphere-client

    Platform Services Controller

    https://psc_hostname_or_IP/psc

    In an embedded deployment, the Platform Services Controller host name or IP address is the same as the vCenter Server host name or IP address.

  2. Specify the user name and password for administrator@vsphere.local or another member of the vCenter Single Sign-On Administrators group.

    If you specified a different domain during installation, log in as administrator@mydomain.

  3. Log in as an administrator.
  4. Select Trusted Root Certificates, and click Add certificate.
  5. Click Browse and select the location of the certificate chain.

    You can use a file of type CER, PEM, or CRT.

What to do next

Replace the Machine SSL certificates and, optionally, the Solution User certificates with certificates that are signed by this CA.