You can generate a new certificate that is provisioned by VMCA, or a new certificate that includes VMCA as a subordinate certificate.
See Set Up vSphere Authentication Proxy to Use Custom Certificates if you want to use a custom certificate that is signed by a third-party or enterprise CA.
Prerequisites
You must have root or Administrator privileges on the system on which vSphere Authentication Proxy is running.
Procedure
- Make a copy of certool.cfg.
cp /usr/lib/vmware-vmca/share/config/certool.cfg /var/lib/vmware/vmcam/ssl/vmcam.cfg
- Edit the copy with some information about your organization, as in the following example.
Country = IE
Name = vmcam
Organization = VMware
OrgUnit = vTSU
State = Cork
Locality = Cork
Hostname = test-cam-1.test1.vmware.com
- Generate the new private key in /var/lib/vmware/vmcam/ssl/.
/usr/lib/vmware-vmca/bin/certool --genkey --privkey=/var/lib/vmware/vmcam/ssl/rui.key --pubkey=/tmp/vmcam.pub --server=localhost
For
localhost, supply the FQDN of the
vCenter Server.
- Generate the new certificate in /var/lib/vmware/vmcam/ssl/ using the key and vmcam.cfg file that you created in Step 1 and Step 2.
/usr/lib/vmware-vmca/bin/certool --server=localhost --gencert --privkey=/var/lib/vmware/vmcam/ssl/rui.key --cert=/var/lib/vmware/vmcam/ssl/rui.crt --config=/var/lib/vmware/vmcam/ssl/vmcam.cfg
For
localhost, supply the FQDN of the
vCenter Server.
