How to Renew Self-Signed certificate of VCH (vSphere Container Host)
search cancel

How to Renew Self-Signed certificate of VCH (vSphere Container Host)

book

Article ID: 317001

calendar_today

Updated On:

Products

VMware vSphere ESXi

Issue/Introduction

This article provides the steps to renew the Self-Signed certificate of a VCH (vSphere Container Host)

Environment

VMware vSphere Integrated Containers 1.x

Resolution

  1. SSH to VIC appliance VM.
  2. Navigate to directory which has the VCH folders.
  3. Backup the respective VCH folder. Ex: command --> mv <VCH_Name> <VCH_Name>.bak
  4. Run a command similar to the following in the ssh console of VIC Appliance VM:
./vic-machine-linux configure --target <vcenter_address_or _fqdn> --user [email protected] --password xxxxx --thumbprint ZH:XX:YY:YY --name <VCH_name> (This name has to be same as that of the VCH which you backed up) --tls-cname <VCH_Name>.domain.com
 
Note: A new <VCH_Name> folder should be created
  1. Navigate to the newly created VCH directory and run a command similar to the following to validate the updated certificate:
openssl x509 -in ca.pem -text -noout
      
Note: You should see output similar to the following:

Validity
    Not Before: Sep 27 16:35:01 2018 GMT
    Not After : Sep 28 16:35:01 2019 GMT