The vSphere Certificate Manager utility allows you to perform most certificate management tasks interactively from the command line. vSphere Certificate Manager prompts you for the task to perform, for certificate locations and other information as needed, and then stops and starts services and replaces certificates for you.
To understand more about options for replacing the default certificates, see Replacing vSphere Certificates.
If you use vSphere Certificate Manager, you are not responsible for placing the certificates in VECS (VMware Endpoint Certificate Store) and you are not responsible for starting and stopping services.
You run vSphere Certificate Manager options in sequence to complete a workflow. Several options, for example, generating CSRs, are used in different workflows. Before you run vSphere Certificate Manager, be sure that you understand the replacement process and procure the certificates that you want to use.
vSphere Certificate Manager Utility Location
The vSphere Certificate Manager utility is located at:
When running vSphere Certificate Manager, some options prompt you as follows:
Enter proper value for VMCA 'Name':
Respond to this prompt by entering the fully qualified domain name of the machine on which the certificate configuration is running.
Workflows in the vSphere Certificate Manager Utility
The following table presents an overview of the certificate replacement workflows you can accomplish by using the vSphere Certificate Manager utility.
|Replacing VMCA root certificate with custom signing certificate and replacing all certificates
|To generate the VMCA root certificate, and replace all certificates, use Option 4, Regenerate a new VMCA Root certificate and replace all Certificates.
|Regenerate a New VMCA Root Certificate and Replace All Certificates Using the Certificate Manager
|Making VMCA an intermediate certificate authority
|To make VMCA an intermediate CA, you must run the vSphere Certificate Manager utility several times and use multiple options. This workflow gives the complete set of steps for replacing both machine SSL certificates and solution user certificates.
|Make VMCA an Intermediate Certificate Authority Using the Certificate Manager
|Replacing all certificates with custom certificates
|To replace all certificates with custom certificates, you must run the vSphere Certificate Manager utility several times and use multiple options. This workflow gives the complete set of steps for replacing both machine SSL certificates and solution user certificates.
|Replace All Certificates with a Custom Certificate Using the Certificate Manager
|Reverting the last performed operation
|To revert the last performed certificate operation and return to the previous state, use Option 7, Revert last performed operation by re-publishing old certificates.
|Revert Last Performed Operation by Republishing Old Certificates Using the Certificate Manager
|Resetting all certificates
|To replace all existing vCenter certificates with certificates that are signed by VMCA, use Option 8, Reset all Certificates.
|Reset All Certificates Using the Certificate Manager