How to replace the vSphere 6/7/8.x Solution User certs with VMCA issued certs
search cancel

How to replace the vSphere 6/7/8.x Solution User certs with VMCA issued certs

book

Article ID: 313947

calendar_today

Updated On:

Products

VMware vCenter Server

Issue/Introduction

This article explains how to regenerate new vSphere 6/7/8.x Solution User certificates from the VMware Certificate Authority (VMCA).

 
The certificates generated is issued from the current VMCA Root Certificate. You may want to configure VMCA as a Subordinate Certificate Authority of an existing Certificate Authority. For more information on this procedure, see Configuring vSphere 6.0 VMware Certificate Authority as a subordinate Certificate Authority (2112016).
 
Notes:
  • The vSphere 6/7/8.x Solution Users use SSL Certificates for internal communication and endpoint registration.
  • If you are using vCenter Server 6/7/8.x with an embedded Platform Services Controller, there are four Solution User Certificates:
     
    • machine
    • vpxd
    • vpxd-extension
    • vsphere-webclient

 



Environment

VMware vCenter Server Appliance 6.7.x
VMware vCenter Server 6.0.x
VMware vCenter Server 7.0.x
VMware vCenter Server Appliance 6.0.x
VMware vCenter Server Appliance 6.5.x

VMware vCenter Server 8.0.x

Resolution

Note: For vCenter Server 6.0 Update 1b and later, unique names must be created. For more information, see Updating certificates using certificate manager on vCenter Server or PSC 6.0 Update 1b fails (2144086).
 
To replace the vSphere 6/7/8.x Solution User certificates with VMware Certificate Authority issued certificates:
  1. Launch the vSphere 6/7/8.x Certificate Manager.

    For vCenter Server 6/7/8.x Appliance:

    /usr/lib/vmware-vmca/bin/certificate-manager

    For Windows vCenter Server 6.0:

    C:\Program Files\VMware\vCenter Server\vmcad\certificate-manager
     
  2. Select Option 6 (Replace Solution user certificates with VMCA Certificates)
     
  3. Type Yes (Y) to the confirmation request to proceed.
  4. Provide the [email protected] password when prompted.

    Notes:



Additional Information

VMware Skyline Health Diagnostics for vSphere - FAQ
Configuring the vSphere 6.0 U1 or earlier VMware Certificate Authority as a Subordinate Certificate Authority
How to replace the vSphere 6.0 Solution User certs with CA signed certs
ESX Agent Manager solution user fails to log in after replacing the vCenter Server certificates in vSphere 6.0
vSphere 6.0 ソリューション ユーザー証明書を VMware 認証局によって発行された証明書に置き換える
Substituindo os certificados de Usuário de Solução vSphere 6.0 por certificados emitidos pela VMware Certificate Authority
Reemplazar los certificados de usuario de la solución de vSphere 6.0 por certificados emitidos por VMware Certificate Authority
如何将 vSphere 6.0 解决方案用户证书替换为 VMware Certificate Authority 颁发的证书
Updating certificates using certificate manager on vCenter Server or PSC 6.0 Update 1b fails