Steps to replace the MACHINE_SSL_CERT on vCenter Server using the default VMCA root certificate via the vSphere Client

Article ID: 382069

Products

VMware vCenter Server

Issue/Introduction

Replacing the MACHINE_SSL_CERT on a vCenter Server using the default VMware Certificate Authority (VMCA) root certificate is a process performed through the vSphere Client interface. This method is used to regenerate the machine SSL certificate while continuing to use the built-in VMCA.

Environment

  • VMware vCenter Server 7.x

  • VMware vCenter Server 8.x

Cause

The MACHINE_SSL_CERT may require replacement for several reasons:

  • The current certificate is approaching expiration or has expired.

  • Security policies require periodic certificate regeneration.

  • The certificate has become compromised.

  • Security compliance with organizational standards must be maintained.

Using the default VMCA root certificate for replacement is the simplest approach when external certificate authorities are not required.

Resolution

Follow these steps to renew VMCA-signed certificates:

  1. Access and launch the vSphere Client.

  2. Log in using administrator@vsphere.local credentials (or administrator@mydomain if a different domain was configured during installation).

  3. Click the Home menu and select Administration.

  4. Under Certificates, click Certificate Management.

  5. Authenticate by entering vCenter Server credentials, if prompted.

  6. Select the Machine SSL tab.

  7. Choose the certificate that needs to be replaced.

  8. Click Renew (this process replaces the existing certificate with a new one using the default VMCA root certificate).

  9. Enter the desired certificate duration (in days).

  10. Check the backup acknowledgment box.

  11. Click Renew.

  12. Once successful, click Refresh to update the browser.
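
One way to confirm the renewal took effect, as an added example that is not part of the original article or of VMware's tooling: compare PEM copies of the Machine SSL certificate saved before and after step 11. The file names, function names and minimum-days threshold are assumptions, and the issuer check assumes the old certificate was also VMCA-signed.

```shell
# Added example: post-renewal checks on two PEM snapshots of the Machine SSL
# certificate. before.pem / after.pem are assumed file names; one way to
# capture a snapshot (host name is a placeholder):
#   openssl s_client -connect vcenter.example.test:443 </dev/null 2>/dev/null \
#     | openssl x509 > after.pem

# SHA-256 fingerprint of a PEM certificate.
cert_fp() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Issuer distinguished name of a PEM certificate.
cert_issuer() {
    openssl x509 -in "$1" -noout -issuer
}

# Succeeds only if the certificate is still valid $2 days from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# verify_renewal BEFORE.pem AFTER.pem MIN_DAYS
# Prints one line per finding; returns 0 only if every check passes.
verify_renewal() {
    vr_rc=0
    if [ "$(cert_fp "$1")" = "$(cert_fp "$2")" ]; then
        echo "FAIL: fingerprint unchanged, the old certificate is still in place"
        vr_rc=1
    fi
    if [ "$(cert_issuer "$1")" != "$(cert_issuer "$2")" ]; then
        echo "FAIL: issuer changed, the new certificate is not from the same CA"
        vr_rc=1
    fi
    if ! cert_valid_for_days "$2" "$3"; then
        echo "FAIL: new certificate expires in fewer than $3 days"
        vr_rc=1
    fi
    if [ "$vr_rc" -eq 0 ]; then
        echo "OK: certificate replaced, same issuer, valid for at least $3 days"
    fi
    return "$vr_rc"
}
```

Set MIN_DAYS slightly below the duration entered in step 9, for example `verify_renewal before.pem after.pem 700` for a 730-day renewal.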

Additional Information

  • Always back up vCenter Server and its databases before performing certificate operations. A powered-off snapshot also creates a reliable roll-back point.

  • Certificate renewal maintains existing trust relationships while providing fresh validity periods.

  • The process can be performed on individual certificates or multiple certificates simultaneously.
