Starting with vSphere 6.7 Update 2, you can use the vSphere Automation API to manage certificates in your vSphere environment. You can not only refresh default certificates that are issued by the VMware Certificate Authority (VMCA) but also add third-party or custom-made certificates to your environment.
What to read next
Certificate Management Operations: Use the vSphere Automation API to manage trusted root certificate chains, VMware Certificate Authority (VMCA) root certificates, machine SSL (TLS) certificates, and Security Token Service (STS) signing certificates.
Add a Root Certificate to vCenter Server: You can use the Certificate Management vCenter Trusted Root Chains interface to add, delete and read trusted root certificate chains.
Delete a Root Certificate from vCenter Server: You can use the Certificate Management vCenter Trusted Root Chains interface to add, delete and read trusted root certificate chains. This use case demonstrates how to delete a root certificate or certificate chain from the trusted root store of your vCenter Server system.
Change the Machine SSL Certificate of vCenter Server: You can change the machine SSL certificate of a vCenter Server system by using the TLS and the TLS CSR interfaces of the vSphere Automation API.
Refresh the vCenter Server STS Signing Certificate with a VMCA-Issued Certificate: You can refresh the vCenter Server Security Token Service (STS) signing certificate by using the Certificate Management vCenter Signing Certificate interface. The STS is an internal entity that issues and verifies tokens so that vSphere services can communicate with and trust each other.
Set a Custom STS Signing Certificate to vCenter Server: You can import and replace the vCenter Server STS signing certificate with a custom generated or third-party certificate by using the Certificate Management vCenter Signing Certificate interface.