You can use the vSphere Certificate Manager utility to replace all existing vCenter certificates with certificates that are signed by VMCA.

When you use this option, you overwrite all custom certificates that are currently in VMware Endpoint Certificate Store (VECS).

vSphere Certificate Manager can replace all certificates. Which certificates are replaced depends on which options you select.


  1. Log in to vCenter Server shell and start the vSphere Certificate Manager.
  2. Select Option 8, Reset all Certificates.
  3. Enter the administrator user and password.
  4. When prompted, enter your certificate information.

What to do next

After certificates are replaced and services are restarted, verify your certificate information.