The machine SSL certificate is used by the reverse proxy service on every management node, Platform Services Controller, and embedded deployment. Each machine must have a machine SSL certificate for secure communication with other services. You can use the vSphere Client to generate a Certificate Signing Request (CSR) for the machine SSL certificate and to replace the certificate once it is ready.
Prerequisites
The certificate must meet the following requirements:
- Key size: 2048 bits or more (PEM encoded)
- CRT format
- x509 version 3
- SubjectAltName must contain DNS Name=<machine_FQDN>
- Contains the following Key Usages: Digital Signature, Key Encipherment
Generating a CSR for the machine SSL certificate is supported only on the vCenter Server Appliance. It is not supported on a Windows installation of vCenter Server.
Procedure
What to do next
When the Certificate Authority returns the certificate, replace the existing certificate in the certificate store. See Add Custom Certificates from the Platform Services Controller.
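Before replacing the certificate, you can check the file the Certificate Authority returned against the requirements listed under Prerequisites. The script below is an added example, not VMware tooling. It assumes the openssl command-line tool is installed, and the function name check_machine_ssl_cert is made up for this example.

```shell
#!/bin/sh
# Added example, not VMware tooling: checks a CA-issued certificate against
# the machine SSL certificate requirements before it is imported.
# Assumes the openssl CLI; the function name is made up for this example.
# Usage: sh check_cert.sh <cert.pem> <machine_FQDN>

check_machine_ssl_cert() (   # subshell body keeps variables local
    cert=$1 fqdn=$2 rc=0
    fail() { echo "FAIL: $*" >&2; rc=1; }

    # PEM encoded: require the PEM header and a certificate openssl can parse.
    grep -q -e '-----BEGIN CERTIFICATE-----' "$cert" 2>/dev/null &&
        text=$(openssl x509 -in "$cert" -noout -text 2>/dev/null) ||
        { echo "FAIL: not a PEM-encoded X.509 certificate" >&2; exit 1; }

    # x509 version 3
    printf '%s\n' "$text" | grep -q 'Version: 3 (0x2)' ||
        fail "certificate is not X.509 version 3"

    # Key size: 2048 bits or more
    bits=$(printf '%s\n' "$text" |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1)
    [ "${bits:-0}" -ge 2048 ] || fail "key size ${bits:-unknown} bits is below 2048"

    # SubjectAltName must contain DNS:<machine_FQDN>. Match whole entries,
    # case-insensitively, so a substring or a different host does not pass.
    printf '%s\n' "$text" |
        sed -n '/X509v3 Subject Alternative Name:/{n;p;}' |
        tr ',' '\n' | sed 's/^[[:space:]]*//; s/[[:space:]]*$//' |
        grep -Fixq "DNS:$fqdn" || fail "SubjectAltName has no DNS entry for $fqdn"

    # Key Usages: Digital Signature and Key Encipherment must both be present.
    ku=$(printf '%s\n' "$text" | sed -n '/X509v3 Key Usage:/{n;p;}')
    for usage in "Digital Signature" "Key Encipherment"; do
        case $ku in
            *"$usage"*) ;;
            *) fail "Key Usage lacks $usage" ;;
        esac
    done

    exit "$rc"
)

if [ "$#" -eq 2 ]; then
    check_machine_ssl_cert "$1" "$2"
fi
```

The function exits with status 0 only when every requirement is met and prints one FAIL line per unmet requirement to standard error.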