You can view and manage certificates by using the vSphere Client.

The vSphere Client enables you to perform these management tasks.

  • View the machine SSL, VMware Certificate Authority (VMCA) root, Trusted Root, and Security Token Service (STS) certificates.
  • Add new Trusted Root certificates, and renew or replace existing machine SSL and STS certificates.
  • Generate a custom Certificate Signing Request (CSR) for a machine SSL certificate and replace the certificate when the Certificate Authority returns it.

Most parts of the certificate replacement workflows are supported fully from the vSphere Client. Other certificate replacement workflows are supported by the vSphere Certificate Manager utility. See Managing Certificates Using the vSphere Certificate Manager Utility.

To understand more about options for replacing the default certificates, see Replacing vSphere Certificates.

Note: If you use the VMCA as an intermediate CA, or use custom certificates, you might encounter significant complexity and the potential for a negative impact to your security, and an unnecessary increase in your operational risk. For more information about managing certificates within a vSphere environment, see the blog post titled New Product Walkthrough - Hybrid vSphere SSL Certificate Replacement at