Contents

How to Replace vCenter 7 Self-Signed Certificate

You are here:
← All Topics

Tutorial on how to replace vCenter 7 Self-Signed Certificate

Generate CSR from vCenter 7 in GUI

Login to vSphere vCenter 7 and go to Menu > Administration > Certificates > Certificate Management. Select Actions > Generate Certificate Signing Request (CSR) in Machine SSL Certificate

Replace vCenter 7.x Self-Signed Certificate

Common Name & Host is auto filled based on hostname assigned to vCenter.

Click Copy to save the content of CSR file

Generate SSL Certificate from Microsoft CA

Install Microsoft Certificate Authority (CA) by following this link if you do not have CA installed

Login to http://CA/certsrv and click Request a Certificate

Click Advanced Certificate Request

Select Web Server in Certificate Template and paste the content of CSR generated in vCenter

Select Base 64 encoded and click Download Certificate.

Save it to C:\temp\vcsa.cer

Export CA Root Certificate and import it to vCenter

Export the CA Root Cert from AD Domain Controller in .cer format

#Export CA Root Cert
$CA_Root = Get-ChildItem -path cert:\LocalMachine\Root| ? Subject -like "*CN=Aventis.Dev*"
Export-Certificate -Cert $CA_Root -FilePath C:\Temp\CA-Root.cer 

Convert the .cer in DER format to Base64 format and save it as C:\temp\CA-Root-Base64.cer

 certutil -encode CA-Root.cer CA-Root-Base64.cer 

Add the CA Root Certificate in Base64 format in Administration > Certificate > Certificate Management

Replace vCenter 7 Self-Signed Certificate

Click Actions > Import and Replace Certificate in Machine SSL Certificate

Select Replace with certificate generated from vCenter Server

Import the C:\temp\vcsa.cer in Machine SSL Certificate and C:\temp\CA-Root-Base64.cer to Chain of Trusted Root Certificate. Click Replace to continue

vCenter Appliance is rebooting automatically to load the new certificate

Verify SSL Certificate is imported successfully

The Self Signed SSL Certificate is replaced with imported SSL Certificate with CA Root Chained successfully

Leave a Reply

Your email address will not be published. Required fields are marked *

Scroll to Top