For certain parts of manual certificate replacement, you must stop all vCenter Server services and then start only the services that manage the certificate infrastructure. If you stop services only when needed, you can minimize downtime.
You have to stop and start services as part of the certificate replacement process. You can use the service-control command for starting and stopping services. You can start and stop all services or individual services. See the command-line help for more information.
Follow these guidelines.
- Do not stop services to generate new public/private key pairs or new certificates.
- If you are the only administrator, you do not have to stop services when you add a new root certificate. The old root certificate remains available, and all services can still authenticate with that certificate.
- Stop services right before you delete a machine SSL certificate in VMware Endpoint Certificate Store (VECS).