The machine SSL certificate is used by the reverse proxy service on every vCenter Server node. Each machine must have a machine SSL certificate for secure communication with other services. You can use the vSphere Client to generate a Certificate Signing Request (CSR) for the machine SSL certificate and to replace the certificate once it is ready.
Prerequisites
The certificate must meet the following requirements:
- Key size: 2048 bits (minimum) to 16384 bits (maximum) (PEM encoded)
- CRT format
- x509 version 3
- SubjectAltName must contain DNS Name=<machine_FQDN>.
- Contains the following Key Usages: Digital Signature, Key Encipherment
Procedure
What to do next
When the Certificate Authority returns the certificate, replace the existing certificate in the certificate store. See Add Custom Certificates.
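Before replacing the certificate, the returned file can be checked against the requirements listed under Prerequisites. The following is an added example, not VMware tooling: it parses the text produced by `openssl x509 -in <cert> -noout -text`, and the function names, the sample output and the host name `vc01.example.test` are constructed for illustration.

```python
import re

# Constructed sample: abridged `openssl x509 -noout -text` output for a test certificate.
SAMPLE_TEXT = """\
Certificate:
    Data:
        Version: 3 (0x2)
        Subject: CN = vc01.example.test
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Subject Alternative Name:
                DNS:vc01.example.test, DNS:vc01
"""

REQUIRED_USAGES = {"Digital Signature", "Key Encipherment"}


def _extension_value(text, name):
    """Return the line following an 'X509v3 <name>:' header, or ''."""
    m = re.search(r"X509v3 %s:[^\n]*\n\s*([^\n]+)" % re.escape(name), text)
    return m.group(1).strip() if m else ""


def check_machine_ssl_cert(text, fqdn):
    """Return a list of unmet requirements (empty list means all checks pass)."""
    problems = []
    version = re.search(r"Version:\s*(\d+)", text)
    if not version or version.group(1) != "3":
        problems.append("not X.509 version 3")
    bits = re.search(r"Public-Key:\s*\((\d+) bit\)", text)
    if not bits or not 2048 <= int(bits.group(1)) <= 16384:
        problems.append("key size outside 2048-16384 bits")
    usages = {u.strip() for u in _extension_value(text, "Key Usage").split(",")}
    missing = REQUIRED_USAGES - usages
    if missing:
        problems.append("missing key usage: " + ", ".join(sorted(missing)))
    sans = [s.strip() for s in _extension_value(text, "Subject Alternative Name").split(",")]
    dns_names = {s[4:].lower() for s in sans if s.startswith("DNS:")}
    if fqdn.lower() not in dns_names:
        problems.append("SubjectAltName has no DNS entry for " + fqdn)
    return problems


if __name__ == "__main__":
    print(check_machine_ssl_cert(SAMPLE_TEXT, "vc01.example.test"))
```

An empty list means the certificate text satisfies every listed requirement for the given FQDN; each string in a non-empty list names one requirement that is not met.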