The machine SSL certificate on each node is used for cluster management communication and for encryption of replication traffic. If you want to use custom certificates, you have to remove the vCenter HA configuration, delete the Passive and Witness nodes, provision the Active node with the custom certificate, and reconfigure the cluster.

If possible, replace certificates in the vCenter Server Appliance that will become the Active node before you clone the node.

Procedure

  1. Edit the cluster configuration and select Remove.
  2. Delete the Passive node and the Witness node.
  3. On the Active node, which is now a standalone vCenter Server Appliance, replace the machine SSL Certificate with a custom certificate.
    See the Platform Services Controller Administration documentation.
  4. Reconfigure the cluster.