If you want to generate a new certificate that is provisioned by VMCA, or a new certificate that includes VMCA as a subordinate certificate, follow the steps in this topic.

Before you begin

You must have root or Administrator privileges on the system on which vSphere Authentication Proxy is running.

About this task

See Set Up vSphere Authentication Proxy to Use Custom Certificates if you want to use a custom certificate that is signed by a third-party or enterprise CA.

Procedure

  1. Make a copy of certool.cfg.
    cp /usr/lib/vmware-vmca/share/config/certool.cfg /var/lib/vmware/vmcam/ssl/vmcam.cfg
  2. Edit the copy with some information about your organization, as in the following example.
    Country = IE
    Name = vmcam
    Organization = VMware
    OrgUnit = vTSU
    State = Cork
    Locality = Cork
    Hostname = test-cam-1.test1.vmware.com
  3. Generate the new private key in /var/lib/vmware/vmcam/ssl/.
    /usr/lib/vmware-vmca/bin/certool --genkey --privkey=/var/lib/vmware/vmcam/ssl/rui.key --pubkey=/tmp/vmcam.pub --server=localhost

    In the --server option, replace localhost with the FQDN of the Platform Services Controller.

  4. Generate the new certificate in /var/lib/vmware/vmcam/ssl/ using the key that you generated in Step 3 and the vmcam.cfg file that you created in Step 1 and Step 2.
    /usr/lib/vmware-vmca/bin/certool --server=localhost --gencert --privkey=/var/lib/vmware/vmcam/ssl/rui.key --cert=/var/lib/vmware/vmcam/ssl/rui.crt --config=/var/lib/vmware/vmcam/ssl/vmcam.cfg

    In the --server option, replace localhost with the FQDN of the Platform Services Controller.
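
After Step 4, you can confirm that rui.crt was issued for rui.key and is valid for the Hostname value in vmcam.cfg. The following script is an added example, not part of the VMware procedure; the function name verify_vmcam_cert, the file-mode check, and the availability of openssl (1.0.2 or later) and GNU stat on the system are assumptions.

```shell
#!/bin/sh
# Added example, not VMware code. Checks the files produced in Steps 3 and 4.
# Assumes openssl 1.0.2+ and GNU stat are available on the system.
# Usage: sh verify_vmcam.sh KEY CERT EXPECTED_FQDN

verify_vmcam_cert() {
    key=$1 cert=$2 fqdn=$3

    # The private key must not be accessible to "other" users.
    mode=$(stat -c '%a' "$key") || return 1
    case $mode in
        *0) ;;
        *) echo "FAIL: $key has mode $mode (world-accessible)" >&2; return 1 ;;
    esac

    # The certificate must carry the public half of this private key.
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    crt_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    if [ -z "$key_pub" ] || [ "$key_pub" != "$crt_pub" ]; then
        echo "FAIL: $cert was not issued for $key" >&2; return 1
    fi

    # The Hostname value from vmcam.cfg must be a name the certificate covers.
    if ! openssl x509 -in "$cert" -noout -checkhost "$fqdn" \
            | grep -q 'does match certificate'; then
        echo "FAIL: $cert is not valid for host $fqdn" >&2; return 1
    fi

    # The certificate must not already be expired.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null; then
        echo "FAIL: $cert has expired" >&2; return 1
    fi

    echo "OK: $cert matches $key and is valid for $fqdn"
}

# Run only when called with all three arguments, for example:
#   sh verify_vmcam.sh /var/lib/vmware/vmcam/ssl/rui.key \
#      /var/lib/vmware/vmcam/ssl/rui.crt test-cam-1.test1.vmware.com
if [ "$#" -eq 3 ]; then
    verify_vmcam_cert "$1" "$2" "$3"
fi
```

A nonzero exit status means that at least one check failed; the reason is printed to standard error.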