The host certificate and key are located in /etc/vmware/ssl/rui.crt and /etc/vmware/ssl/rui.key. When you replace a host certificate by using either the vSphere Client or the vSphere Web Services SDK vim.CertificateManager managed object, and the replacement fails, the system creates .bak files for the previous key and certificate files.

When certificate replacement fails, you can restore previous certificates by copying over the .bak files to the current certificate and key files.