You can replace all VMCA-signed certificates with new VMCA-signed certificates. This process is called renewing certificates. You can renew selected certificates or all certificates in your environment from the vSphere Client.

Prerequisites

For certificate management, you have to supply the password of the administrator of the local domain ([email protected] by default). If you are renewing certificates for a vCenter Server system, you also have to supply the vCenter Single Sign-On credentials for a user with administrator privileges on the vCenter Server system.

Procedure

  1. Log in with the vSphere Client to the vCenter Server.
  2. Specify the user name and password for [email protected] or another member of the vCenter Single Sign-On Administrators group.
    If you specified a different domain during installation, log in as administrator@ mydomain.
  3. Navigate to the Certificate Management UI.
    1. From the Home menu, select Administration.
    2. Under Certificates, click Certificate Management.
  4. If the system prompts you, enter the credentials of your vCenter Server.
  5. Renew the VMCA-signed machine SSL certificate for the local system.
    1. From the Machine SSL tab, select the desired certificate and click Renew.
    2. Specify the duration of the certificate in days.
    3. Click the checkbox to acknowledge that you have backed up vCenter Server and its databases.
    4. Click Renew.
      The system renews the certificate and displays a success message.
    5. When the certificate has been changed message appears, click Refresh to refresh your browser.