You can replace the certificate for the vCenter Cloud Gateway when the certificate expires or when you want to use a certificate from another certificate provider.
Use this method of replacing the certificate only after Hybrid Linked Mode is enabled. If you need to replace the certificate on a vCenter Cloud Gateway without Hybrid Linked Mode enabled, see Replace the Certificate for vCenter Cloud Gateway.
Generate a certificate signing request (CSR) for each certificate you want to replace. Provide the CSR to your Certificate Authority. When the Certificate Authority returns the certificate, place it in a location that you can access from the vCenter Cloud Gateway.
- In a web browser, go to http://cga-address/ui, where cga-address is the IP address or FQDN of the vCenter Cloud Gateway.
- Log in with your on-premises credentials.
- Navigate to the Certificate Management UI.
  - From the Home menu, select Administration.
  - Under Certificates, click Certificate Management.
  - Enter your credentials and click Login and Manage Certificates.
- On the Machine SSL Certificate, select .
- Click the browse button on the Certificate Chain and provide the path of the certificate chain file.
  This file should contain the machine SSL certificate, the Root CA certificate, and the entire chain of trust.
- Click the browse button on the private key and provide the private key for the certificate.
- Click Replace.
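The certificate chain file and private key named in the steps above can be checked with OpenSSL before you upload them. The following is an added example, not part of the original procedure and not a VMware tool; the function name `check_bundle`, PEM input with the machine SSL certificate first in the file, and an unencrypted private key are assumptions.

```shell
# Added example, not a VMware tool: check_bundle is a hypothetical helper name.
# Assumes PEM files, the machine SSL certificate first in the chain file,
# and an unencrypted private key.
check_bundle() (
  chain=$1 key=$2
  tmp=$(mktemp -d) || return 2
  trap 'rm -rf "$tmp"' EXIT
  n=$(grep -c -- '-----BEGIN CERTIFICATE-----' "$chain") || n=0
  if [ "$n" -lt 2 ]; then
    echo "FAIL: need the leaf and its CA certificates, found $n" >&2; return 1
  fi
  # Split the bundle into cert-1.pem (leaf) ... cert-N.pem (root).
  awk -v d="$tmp" '
    /-----BEGIN CERTIFICATE-----/ { i++; f = d "/cert-" i ".pem" }
    f { print > f }
    /-----END CERTIFICATE-----/ { close(f); f = "" }' "$chain"
  # Each certificate must name the next one in the file as its issuer.
  i=1
  while [ "$i" -lt "$n" ]; do
    next=$((i + 1))
    iss=$(openssl x509 -noout -issuer_hash -in "$tmp/cert-$i.pem") || return 1
    sub=$(openssl x509 -noout -subject_hash -in "$tmp/cert-$next.pem") || return 1
    if [ "$iss" != "$sub" ]; then
      echo "FAIL: certificate $i is not issued by certificate $next" >&2; return 1
    fi
    i=$next
  done
  # The last certificate must be the self-signed root CA.
  root="$tmp/cert-$n.pem"
  if [ "$(openssl x509 -noout -subject_hash -in "$root")" != \
       "$(openssl x509 -noout -issuer_hash -in "$root")" ]; then
    echo "FAIL: last certificate is not a self-signed root" >&2; return 1
  fi
  # Check signatures and validity dates, trusting only that root.
  openssl verify -CAfile "$root" -untrusted "$chain" "$tmp/cert-1.pem" \
    >/dev/null 2>&1 || { echo "FAIL: chain does not verify" >&2; return 1; }
  # The private key must belong to the leaf (machine SSL) certificate.
  cert_pub=$(openssl x509 -noout -pubkey -in "$tmp/cert-1.pem") || return 1
  key_pub=$(openssl pkey -pubout -passin pass: -in "$key" 2>/dev/null) ||
    { echo "FAIL: cannot read private key (encrypted or not PEM)" >&2; return 1; }
  if [ "$cert_pub" != "$key_pub" ]; then
    echo "FAIL: private key does not match the leaf certificate" >&2; return 1
  fi
  echo "OK: $n certificates, chain verifies, key matches"
)
```

Call it as `check_bundle chain.pem machine-ssl.key`, where both file names are placeholders; a nonzero exit status means the files should not be uploaded as they are.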
What to do next
When the certificate is successfully replaced, restart all services on the vCenter Cloud Gateway. See https://kb.vmware.com/s/article/2109887.