Unable to replace default SSL Certificate with custom certificate using VCD DSM UI (DSE).

Article ID: 395557

Products

VMware Data Services Manager

VMware vCloud Director 5.x

Issue/Introduction

Unable to replace the default SSL certificate with a custom certificate for database instances using DSE (the VCD DSM UI).

However, the custom certificate can be replaced by logging in to the DSM UI directly.

Environment

VMware DSM 2.2.1

VMware vCloud Director

Cause

This is a limitation of VCD/DSE at this time; replacing the certificate this way is not supported.

Resolution

There is no way to replace the certificate from the UI. However, the workaround below can be used to deploy a database with a custom certificate.

Workaround:

In the DSE tenant UI, when creating a new DSM Postgres or MySQL instance, the custom certificate and DNS names can be configured in the YAML editor at the last step (manifest).

  • Add a new secret definition that includes the keys ca.crt, tls.crt and tls.key for the custom certificate.
  • The DNS names should be set in the field spec.dnsNames.
  • The certificate secret name should be set in the field spec.tls.secretName.

Example: a MySQL instance with a custom certificate.

```
apiVersion: databases.dataservices.vmware.com/v1alpha1
kind: MySQLCluster
spec:
  members: 1
  version: "8.0.40+vmware.v9.0.1.0"
  vmClass:
    name: "small"
  storageSpace: "60Gi"
  infrastructurePolicy:
    name: "infra-policy-2"
  storagePolicyName: "vSAN Default Storage Policy"
  adminUsername: "mysql-admin"
  databaseName: "test"
  maintenanceWindow:
    duration: 6h0m0s
    startDay: SATURDAY
    startTime: "23:59"
  # DNS names for the instance
  dnsNames:
    - example.com
  # Name of the Secret (defined below) that holds the custom certificate
  tls:
    secretName: test-ms-cert-tls-cert
---
# Secret carrying the custom certificate: CA certificate, server certificate and private key (PEM)
apiVersion: v1
stringData:
  ca.crt: |
    .....
  tls.crt: |
    ...
  tls.key: |
    ...
kind: Secret
metadata:
  name: test-ms-cert-tls-cert
type: kubernetes.io/tls
```
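
Before pasting the PEM contents into the Secret, it helps to confirm that the three files belong together and cover the names in spec.dnsNames. The script below is an added example, not part of the original article or of any VMware tooling; it assumes openssl is installed, `check_dsm_tls` is a hypothetical helper name, and the CA and certificate it generates are constructed sample input.

```shell
#!/bin/sh
# Pre-flight check for the PEM files destined for the Secret's ca.crt, tls.crt
# and tls.key, against the names planned for spec.dnsNames.
# check_dsm_tls is a hypothetical helper, not a DSM or VCD command.
check_dsm_tls() (
  ca=$1; crt=$2; key=$3; shift 3
  # 1. tls.crt must chain to ca.crt (this also rejects an expired certificate).
  openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1 ||
    { echo "FAIL: tls.crt does not verify against ca.crt"; exit 1; }
  # 2. tls.key must be the private key of tls.crt: compare the public halves.
  [ "$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null)" = \
    "$(openssl pkey -in "$key" -pubout 2>/dev/null)" ] ||
    { echo "FAIL: tls.key does not match tls.crt"; exit 1; }
  # 3. Every name planned for spec.dnsNames must be matched by the certificate.
  for name in "$@"; do
    openssl x509 -in "$crt" -noout -checkhost "$name" 2>/dev/null |
      grep -q "does match certificate" ||
      { echo "FAIL: certificate does not cover $name"; exit 1; }
  done
  echo "OK"
)

# Constructed sample input: a throwaway CA and a leaf certificate whose SAN is
# example.com, the name used in the manifest above. Removed again on exit.
demo=$(mktemp -d); trap 'rm -rf "$demo"' EXIT
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed Test CA" \
  -keyout "$demo/ca.key" -out "$demo/ca.crt" 2>/dev/null
openssl req -newkey rsa:2048 -nodes -subj "/CN=test-ms" \
  -keyout "$demo/tls.key" -out "$demo/tls.csr" 2>/dev/null
echo "subjectAltName=DNS:example.com" > "$demo/san.ext"
openssl x509 -req -in "$demo/tls.csr" -CA "$demo/ca.crt" -CAkey "$demo/ca.key" \
  -CAcreateserial -days 1 -extfile "$demo/san.ext" -out "$demo/tls.crt" 2>/dev/null

# Usage: check_dsm_tls <ca.crt> <tls.crt> <tls.key> <dnsName>...
check_dsm_tls "$demo/ca.crt" "$demo/tls.crt" "$demo/tls.key" example.com
```

For a real deployment, pass the actual certificate files and every entry intended for spec.dnsNames as the trailing arguments.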

Additional Information

Reference screenshot for the YAML edit.