You can replace all VMCA-signed certificates with new VMCA-signed certificates. This process is called renewing certificates. You can renew selected certificates or all certificates in your environment from the vSphere Client.


For certificate management, you have to supply the password of the administrator of the local domain (administrator@vsphere.local by default). If you are renewing certificates for a vCenter Server system, you also have to supply the vCenter Single Sign-On credentials for a user with administrator privileges on the vCenter Server system.


  1. Log in with the vSphere Client to the vCenter Server.
  2. Specify the user name and password for administrator@vsphere.local or another member of the vCenter Single Sign-On Administrators group.
    If you specified a different domain during installation, log in as administrator@ mydomain.
  3. Navigate to the Certificate Management UI.
    1. From the Home menu, select Administration.
    2. Under Certificates, click Certificate Management.
  4. If the system prompts you, enter the credentials of your vCenter Server.
  5. Renew the VMCA-signed machine SSL certificate for the local system.
    1. Select Machine SSL Certificate.
    2. Click Actions > Renew.
    3. Click Renew.
      vCenter Server services restart automatically. You must log back in because restarting the services ends the UI session.