This article describes the process for updating custom certificates used in vCenter through vSphere Client operations.

VMware vCenter Server 7.x
VMware vCenter Server 8.x

Custom certificates cannot be renewed using the "Renew" function in vSphere Client.
As with the initial installation, you must generate a CSR (Certificate Signing Request) and import the newly issued certificate.

• Generate the CSR
  1. Log in with the vSphere Client to the vCenter Server.
  2. Specify the user name and password for [email protected] or another member of the vCenter Single Sign-On Administrators group.
     If you specified a different domain during installation, log in as administrator@mydomain.
  3. Navigate to the Certificate Management UI.
     
     1. From the Home menu, select Administration.
     2. Under Certificates, click Certificate Management.
        
        
  4. Enter the credentials of your vCenter Server.
  5. Generate the CSR.
     
     1. Under the Machine SSL tab, select the desired certificate and click Generate Certificate Signing Request (CSR).
     2. Enter your certificate information and click Next.
     3. Copy or download the CSR.
     4. Click Finish.
     5. Provide the CSR to your Certificate Authority.

Note:
For certificate requirements, see Generating a Certificate Signing Request for a Machine SSL Certificate using the vSphere Client (Custom Certificates) .

• Importing a Custom Certificate
  
  1. Log in with the vSphere Client to the vCenter Server.
  2. Specify the user name and password for [email protected] or another member of the vCenter Single Sign-On Administrators group.
     If you specified a different domain during installation, log in as administrator@mydomain.
  3. Navigate to the Certificate Management UI.
     1. From the Home menu, select Administration.
        
     2. Under Certificates, click Certificate Management.
        
        
  4. If the system prompts you, enter the credentials of your vCenter Server.
  5. Under the Machine SSL tab, select the certificate then click Import and Replace Certificate.
  6. Click the "Replace with external CA certificate (requires private key)" option and click Next.
  7. Enter the CSR information, or upload the appropriate certificates.
  8. Click the checkbox to acknowledge that you have backed up vCenter Server and its databases.
  9. Review the information and click Finish.
     The system replaces the certificate and displays a success message.
  10. When the certificate has been changed message appears, click Refresh to refresh your browser.

• Generating a Certificate Signing Request for a Machine SSL Certificate using the vSphere Client (Custom Certificates)
• Custom Machine SSL Certificate Update Fails
• Replace vCenter Machine SSL certificate Custom Certificate Authority Signed Certificate
• Japanese KB: vSpehreClient からの vCenter カスタム証明書更新