How to retrieve the root and intermediate signing certificates for Custom CA SSL Machine cert
Article ID: 399606
Products
VMware vCenter Server
Issue/Introduction
This article provides additional information about obtaining the entire certificate chain for Custom CA machine SSL certificates for the vCenter service appliance, when the VMware Certificate Authority (VMCA) has generated the certificate signing request (CSR).
Cause
The complete signing chain (Root, and Intermediate if applicable) is not provided, or the correct certificates for the signing chain are not present for the machine certificate.
Resolution
If the client machine being used is a Microsoft Windows machine, one method is to export each Intermediate certificate and the Root certificate by following the steps below.
1. Open the machine cert using the Windows certificate viewer.
   Note: If you open the machine cert with a text editor, it will most likely only show the single cert. However, the cert still contains all the info for the signing certs in the chain.
2. Select the individual intermediate/root cert from the “Certification Path” tab.
3. Click the “View Certificate” button. A new window will pop up.
4. Go to the “Details” tab of that intermediate/root cert.
5. Click the “Copy to File” button.
6. Follow the prompts. Export the cert file as “Base-64…”, saving it to the desired path (e.g., a new folder named "Certs_<currentDate>").
7. Do the same for any remaining intermediate certs and the root cert for the chain.
8. Open each intermediate cert and the root cert using a text editor and combine them into a single file from Intermediate down to Root, making sure they are in the proper order (e.g., Inter1, Inter2, etc., Root).
You now have the required "Signing" (Chain) file for this machine cert.
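To confirm the combined file is in the order the last steps call for, the following PowerShell is an added example, not part of the original article: it reads the exported Base-64 files and checks, by issuer and subject name, that each certificate in the chain file issued the one before it and that the last one is self-issued. The file names and function names are placeholders chosen for illustration, and the check compares names and validity dates only, not signatures.

```powershell
# Added example (not from the original article). Paths at the bottom are placeholders.
# Reads every PEM (Base-64) certificate block in a file, in file order.
function Get-PemCertificate {
    param([Parameter(Mandatory)][string]$Path)
    $text   = Get-Content -LiteralPath $Path -Raw
    $blocks = [regex]::Matches($text,
        '-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----', 'Singleline')
    foreach ($b in $blocks) {
        $der = [Convert]::FromBase64String(($b.Groups[1].Value -replace '\s', ''))
        [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($der)
    }
}

# True when the issuer name of $Child is byte-identical to the subject name of $Parent.
function Test-IssuedBy {
    param($Child, $Parent)
    [Convert]::ToBase64String($Child.IssuerName.RawData) -eq
        [Convert]::ToBase64String($Parent.SubjectName.RawData)
}

# Walks machine cert -> Inter1 -> Inter2 ... -> Root and reports each link.
function Test-SigningChainOrder {
    param(
        [Parameter(Mandatory)][string]$MachineCertPath,
        [Parameter(Mandatory)][string]$ChainPath
    )
    $leaf  = @(Get-PemCertificate -Path $MachineCertPath)[0]
    $chain = @(Get-PemCertificate -Path $ChainPath)
    if (-not $leaf -or $chain.Count -eq 0) { throw 'No PEM certificate found in one of the inputs.' }

    $now   = Get-Date
    $child = $leaf
    $links = foreach ($ca in $chain) {
        [pscustomobject]@{
            Subject        = $ca.Subject
            IssuesPrevious = Test-IssuedBy -Child $child -Parent $ca
            CurrentlyValid = ($ca.NotBefore -le $now -and $ca.NotAfter -ge $now)
        }
        $child = $ca
    }
    $rootSelfIssued = Test-IssuedBy -Child $chain[-1] -Parent $chain[-1]
    [pscustomobject]@{
        Links          = $links
        RootSelfIssued = $rootSelfIssued
        InOrder        = $rootSelfIssued -and -not ($links | Where-Object { -not $_.IssuesPrevious })
    }
}

Test-SigningChainOrder -MachineCertPath '.\machine_ssl.cer' -ChainPath '.\signing_chain.cer' | Format-List
```

An `InOrder` value of `False` means a certificate is missing, out of sequence, or the file does not end at a self-issued root; the `Links` entries show which position breaks the chain.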