Configuring CA signed certificates for vCenter Server 5.5

Article ID: 305704


Products

VMware vCenter Server

Issue/Introduction

Note: This article is specifically for vSphere 5.5. If you are using vSphere 5.1, see Configuring CA signed certificates for vCenter Server 5.1 (2035005). If you are using vSphere 5.0, see Implementing CA signed SSL Certificates with vSphere 5.0 (2015383).

This article guides you through the configuration of Certificate Authority (CA) certificates for vCenter Server 5.1 and vCenter Server 5.5. VMware has released a tool that automates the process described here. For more information, see Deploying and using the SSL Certificate Automation Tool 5.5 (2057340).
If you are unable to use the tool, this article helps you eliminate common causes of problems during certificate implementation. It covers the configuration steps and details, and helps you avoid common misconfigurations when implementing custom certificates in your environment.


Environment

VMware vCenter Server 5.5.x

Resolution

Note: This article is part of a resolution path. For more information, see Implementing CA signed SSL certificates with vSphere 5.x (2034833).

Creating CA signed certificates for vCenter Server is a complex task. Many organizations require it to maintain proper security for regulatory requirements. Successful implementation requires several different workflows:
  • Creating the certificate request
  • Getting the certificate
  • Installation and configuration of the certificate in vCenter Server
These steps must be performed to ensure successful implementation of a custom certificate for vCenter Server. Before attempting these steps ensure that:

Installation and configuration of the certificate in vCenter Server

After the certificate has been created, perform these steps to complete the installation and configuration of the certificate in vCenter Server:
  1. Log in to vCenter Server as an administrator.
  2. If you have not already imported it, double-click the c:\certs\Root64.cer file and import the certificate into the Trusted Root Certificate Authorities > Local Computer Windows certificate store. This ensures that the certificate server is trusted.
  3. Back up the certificates for the VMware vCenter Server:

    C:\ProgramData\VMware\VMware VirtualCenter\SSL

  4. Copy the new certificate files into the C:\ProgramData\VMware\VMware VirtualCenter\SSL folder. If you are using this resolution path, the proper certificate is in c:\certs\vCenter.

    Note: Do not stop or restart vCenter Server or its services until the steps below instruct you to do so. Otherwise, your vCenter Server may not start due to a certificate trust mismatch.

  5. Open rui.crt using a text editor and validate that the first line of the file begins with -----BEGIN CERTIFICATE-----. If there is any text prior to this, remove it. The code that validates the certificate may fail in Step 5 if there is additional text.
  6. Navigate to https://vcenterserverFQDN/mob/?moid=vpxd-securitymanager&vmodl=1 on vCenter Server and load the certificates for the configuration by using the Managed Object Browser.

    Note: If you are accessing the Managed Object Browser directly from vCenter Server, use https://localhost/mob/?moid=vpxd-securitymanager&vmodl=1.

  7. Click continue if you are prompted with a certificate warning.
  8. Enter a vCenter Server administrator username and password when prompted.
  9. Click reloadSslCertificate.
  10. Click Invoke Method. If successful, the window shows this message: Method Invocation Result: void.
  11. Close both windows.
  12. Open a command prompt on vCenter Server and change to the isregtool directory. By default, this is C:\Program Files\VMware\Infrastructure\VirtualCenter Server\isregtool.
  13. Run this command to register the vCenter Server to the inventory service:

    register-is.bat vCenter_Server_URL Inventory_Service_URL SSO_Lookup_Service_URL

    Where the typical URLs are as follows (modify them if your ports are different):

    vCenter_Server_URL is https://server.domain.com/sdk
    Inventory_Service_URL is https://server.domain.com:10443/
    SSO_Lookup_Service_URL is https://server.domain.com:7444/lookupservice/sdk

    If the command is successful, you see a message similar to:


    Note: If the return code is not 0 0, an error has likely occurred in the command. Review the text to see the error. The most common error is a mistyped URL in one of the three services.

  14. Change to the vCenter Server directory. By default, this is C:\Program Files\VMware\Infrastructure\VirtualCenter Server\.
  15. Run the command:

    vpxd -p

  16. Type the password for the vCenter Server database user to encrypt the password with the new certificate.
  17. Restart the VMware VirtualCenter Server service from the service control manager (services.msc).
  18. Restart the VMware vSphere Profile Driven Storage Service.
  19. After the initial restart of the services, wait for 5 minutes. If the VMware vSphere Profile Driven Storage service stops during this time, restart it.
  20. Navigate to https://vcenterserver.domain.com/ and validate the certificate.
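
A pre-flight check for steps 2, 3 and 5, as an added example that is not VMware's own tooling: it backs up the SSL folder, strips any text before the PEM header from the new rui.crt, and confirms that the certificate parses, is within its validity dates and chains to a trusted root. The staged file name C:\certs\vCenter\rui.crt and the backup location are assumptions; run it after step 2 and before copying the files in step 4.

```powershell
# Added example, not VMware code. Run on the vCenter Server host as the
# administrator from step 1, after step 2 and before step 4.
$SslDir    = 'C:\ProgramData\VMware\VMware VirtualCenter\SSL'   # from the article
$NewCert   = 'C:\certs\vCenter\rui.crt'    # assumed name of the staged certificate
$BackupDir = 'C:\certs\SSL-backup-{0:yyyyMMdd-HHmmss}' -f (Get-Date)  # assumed location
$Marker    = '-----BEGIN CERTIFICATE-----'

# Step 3: copy the current SSL folder aside before anything is overwritten.
Copy-Item -Path $SslDir -Destination $BackupDir -Recurse -ErrorAction Stop
Write-Host "Backed up $SslDir to $BackupDir"

# Step 5: the file must start with the PEM header. Decode as ASCII so that a
# byte-order mark also counts as leading text.
$text  = [System.Text.Encoding]::ASCII.GetString([System.IO.File]::ReadAllBytes($NewCert))
$start = $text.IndexOf($Marker)
if ($start -lt 0) { throw "$NewCert contains no '$Marker' line." }
if ($start -gt 0) {
    Copy-Item -Path $NewCert -Destination "$NewCert.orig" -ErrorAction Stop
    [System.IO.File]::WriteAllText($NewCert, $text.Substring($start), [System.Text.Encoding]::ASCII)
    Write-Host "Removed $start characters of leading text (original kept as rui.crt.orig)"
}

# Parse the cleaned file and check the validity dates.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $NewCert
$now  = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate is outside its validity period ($($cert.NotBefore) to $($cert.NotAfter))."
}

# Step 2 check: the chain must build to a root in the Windows trusted root store.
# Revocation lookups are skipped so the check also works without network access.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
if (-not $chain.Build($cert)) {
    $chain.ChainStatus | ForEach-Object { Write-Warning $_.StatusInformation.Trim() }
    throw "Chain does not build to a trusted root; re-check the Root64.cer import."
}

# Record these values; the certificate served in step 20 should show the same thumbprint.
Write-Host "Subject:    $($cert.Subject)"
Write-Host "Expires:    $($cert.NotAfter)"
Write-Host "Thumbprint: $($cert.Thumbprint)"
```

If the script throws, leave the existing files in the SSL folder untouched and fix the staged certificate first; no vCenter Server service is stopped or restarted by these checks.
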
The configuration of the custom certificates is now complete for vCenter Server. Next, continue to install the custom certificates for the vSphere Web Client. For more information, see Configuring CA signed SSL certificates for the vSphere Web Client and Log Browser in vCenter Server 5.5 (2061975).


Additional Information

Configuring CA signed certificates for vCenter Server 5.1
Configuring CA signed SSL certificates for the vSphere Web Client and Log Browser in vCenter Server 5.5
Configuring CA signed certificates for vCenter Server 5.5 (Japanese)
Configuring CA signed certificates for vCenter Server 5.5 (Simplified Chinese)