Prerequisites:

Ensure you have a new, valid certificate already imported into the Certificate Library.

Critical: Take a snapshot of the vCD cells before making any manual changes to the endpoint configurations.

Step 1: Identify Expired Certificates and Usage

Before deleting a certificate, you must verify if it is still actively "consumed" by any system components.

1. Navigate to Administration > Certificates Library.
2. Locate the expired certificate in the list.
3. Check the Consumers column:

• • If Consumers = 0: The certificate is not in use and can be safely deleted (Step 3).
  • If Consumers ≥ 1: The certificate is still attached to one or more vCD cells. You must update those cells first.

Step 2: Update Cell Endpoint Configurations

If the expired certificate is still in use, follow these steps to switch to the new certificate:

1. Navigate to Resources > Cloud Cells.
2. Select a cell from the list.
3. Click on the Endpoints Configuration tab.
4. Review the certificates assigned to the Webserver and JMX endpoints.
5. If an endpoint is still using the expired certificate:

• • Click Edit.
  • Select the new, valid certificate from the library.
  • Save the changes.

Repeat these steps for every cell listed in the environment until all endpoints are updated.

Step 3: Remove the Expired Certificate

Once all cells have been updated and the consumer count has dropped to zero, you can clean up the library.

1. Return to Administration > Certificates Library.
2. Verify the Consumers count for the expired certificate now shows 0.
3. Select the expired certificate and click Delete.

If the cells are using the self signed certificates, refer to the Generating Self-Signed Certificates for the VMware Cloud Director HTTPS Endpoint documentation.
If the CA certificates are already available, refer: Change the Certificates of a Cell