When you use VMCA as an intermediate CA, you can replace the solution user certificate explicitly. First you replace the VMCA root certificate on the vCenter Server, then you can replace the solution user certificate, which will be signed by the VMCA's new root. You can also use this option to replace solution certificates that are corrupt or about to expire.


  • Restart all vCenter Server nodes explicitly if you replaced the VMCA root certificate in a deployment consisting of multiple instances of vCenter Server in Enhanced Linked Mode configuration.
  • You must know the following information to run Certificate Manager with this option.
    • Password for administrator@vsphere.local
    • Host name or IP address of the vCenter Server system


  1. Start vSphere Certificate Manager and select option 6.
  2. Respond to the prompts.
    See the VMware knowledge base article at http://kb.vmware.com/kb/2112281 for more information.


vSphere Certificate Manager replaces all solution user certificates.