This article provides an overview of certificates in VCD (VMware Cloud Director) 10.6.x.
VCD 10.6.x
According to the VCD 10.6 doc:
Certificate Management in the VMware Cloud Director Appliance
Certificate management for 10.6 and later versions differs significantly from earlier versions.
We need to clarify the usage of these certificates.
There are 4 kinds of certificates.
1) HTTP (Web server) certificate
/opt/vmware/vcloud-director/etc/certificates.pem
This certificate is important, and you should not wait until it expires to renew it.
To renew/replace the HTTP certificate, please follow the steps in the docs:
Generating Self-Signed Certificates for the VMware Cloud Director HTTPS Endpoint
Replace or Renew the Certificates of the VMware Cloud Director Cell
2) JMX certificate
This certificate is used by JMX; usually we don't need to care about it.
3) SAML certificate
This certificate is used by SAML; it can always be renewed in VCD provider:
Administration => Identity providers => SAML
4) VAMI&DB certificate
/opt/vmware/appliance/etc/ssl/vcd_ova.crt
Unlike the 3 certificates above, this certificate is not shown in the VCD provider web page.
Usually, even if this certificate expires, it doesn't affect VCD services.
But in some cases, when VCD is upgraded to a higher version, the connection to the VCD database may fail,
and we need to apply the workaround in this KB.
To renew/replace this certificate, please follow steps in the doc:
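
Because the VAMI&DB certificate is not shown in the provider web page, its expiry has to be read from the file on the appliance. The shell script below is an added example, not VMware tooling or part of the original article; it checks the two file paths named above with openssl, and the function names and the 30-day WARN_DAYS threshold are assumptions.

```shell
#!/bin/sh
# Added example, not VMware tooling. The two paths are the ones quoted in the
# article; WARN_DAYS (default 30) is an assumed alerting threshold.
WARN_DAYS="${WARN_DAYS:-30}"

# cert_status FILE [DAYS]
# Prints one of: MISSING UNREADABLE EXPIRED EXPIRING OK
cert_status() {
    cs_file=$1
    cs_secs=$(( ${2:-$WARN_DAYS} * 86400 ))
    if [ ! -r "$cs_file" ]; then
        echo MISSING
    # If the file holds a chain, openssl x509 reads only the first certificate.
    elif ! openssl x509 -in "$cs_file" -noout >/dev/null 2>&1; then
        echo UNREADABLE
    # -checkend N exits non-zero when notAfter falls within the next N seconds.
    elif ! openssl x509 -in "$cs_file" -noout -checkend 0 >/dev/null 2>&1; then
        echo EXPIRED
    elif ! openssl x509 -in "$cs_file" -noout -checkend "$cs_secs" >/dev/null 2>&1; then
        echo EXPIRING
    else
        echo OK
    fi
}

# report FILE...
# Prints status, path and the notAfter date for each certificate file.
report() {
    for r_file in "$@"; do
        printf '%-10s %s %s\n' "$(cert_status "$r_file")" "$r_file" \
            "$(openssl x509 -in "$r_file" -noout -enddate 2>/dev/null)"
    done
}

# HTTP (web server) certificate and VAMI&DB certificate, as listed above.
report /opt/vmware/vcloud-director/etc/certificates.pem \
       /opt/vmware/appliance/etc/ssl/vcd_ova.crt
```

Run it on each cell as a user that can read both files; a MISSING result on a host that should have the file usually means a permissions problem rather than an absent certificate.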