You can use vSphere Certificate Manager to generate Certificate Signing Requests (CSRs) that you can then use with your enterprise CA or send to an external certificate authority. You can use the certificates with the different supported certificate replacement processes.
/usr/lib/vmware-vmca/bin/certificate-manager
Prerequisites
vSphere Certificate Manager prompts you for information. The prompts depend on your environment and on the type of certificate you want to replace.
- For any CSR generation, you are prompted for the password of the [email protected] user, or for the administrator of the vCenter Single Sign-On domain that you are connecting to.
- You are prompted for the host name or IP address of the vCenter Server.
- To generate a CSR for a machine SSL certificate, you are prompted for certificate properties, which are stored in the certool.cfg file. For most fields, you can accept the default or provide site-specific values. The FQDN of the machine is required.
Procedure
What to do next
Perform certificate replacement.