Preparing vCenter Server Certificates for Migration

You must verify that your source vCenter Server certificates are prepared before you start the migration process.

The instructions apply to vCenter Server 5.5 source deployments.

In vSphere 6.0 and later certificates are stored in the VMware Endpoint Certificate Store. The migration process proceeds normally and preserves your certificates. For information about vCenter Server 6.0 certificates location, see http://kb.vmware.com/kb/2111411

Certificate Files Location

The vCenter Server certificate files are located at %ProgramData%\VMware\VMware VirtualCenter\SSL

Supported Certificate Types

If your environment uses any of the supported certificate types, you can continue with the migration. The migration process proceeds normally and preserves your certificates.

Your rui.crt file contains the entire chain including the leaf certificate. You can create this type of certificate by deploying and using the VMware SSL Certificate Automation Tool, see http://kb.vmware.com/kb/2057340.
Your rui.crt file contains the leaf certificate and the corresponding cacert.pem is available in %ProgramData%\VMware\VMware VirtualCenter\SSL to validate the rui.crt.

Unsupported Certificate Types

If your environment uses any of the unsupported certificate types, you must prepare your certificates before you can proceed with the migration process proceeds.

Your rui.crt contains only the leaf certificate, the cacert.pem is missing or invalid, and cacert.pem is not added to the Windows trust store.
Get the Certificate Authority certificate, including all intermediate certificates, and create a cacert.pem file, or replace the vCenter Server certificates with any of the supported formats.
Your rui.crt contains only the leaf certificate and the cacert.pem is missing or invalid, but the cacert.pem is added to the Windows trust store.
Get the Certificate Authority certificate, including all intermediate certificates from the Windows trust store and create cacert.pem. Use OpenSSL to verify the certificate by running verify -CAfile cacert.pem rui.crt command.

For more information about vSphere security certificates, see the vSphere Security documentation.