In a multi-node environment that uses VMCA as an intermediate CA, you can replace the solution user certificates explicitly. First you replace the VMCA root certificate on the Platform Services Controller node, and then you can replace the certificates on the vCenter Server nodes to have the certificates signed by the full chain. You can also use this option to replace solution user certificates that are corrupt or about to expire.


  • Restart all vCenter Server nodes explicitly if you replaced the VMCA root certificate in a multi-node deployment.
  • You must know the following information to run Certificate Manager with this option.
    • Password for administrator@vsphere.local.
    • Host name or IP address of the Platform Services Controller if you are running on a vCenter Server system with an external Platform Services Controller.


  1. Start vSphere Certificate Manager and select option 6.
  2. Respond to the prompts.
    See the VMware knowledge base article at for more information.


vSphere Certificate Manager replaces all solution user certificates.