In VCF Operations 9.0.x, after running the "replace with configured CA certificate" workflow using a Microsoft CA for the vCenter from Fleet Management > Certificates > VCF Instances, you observe that only the TLS certificate shows as a Microsoft CA certificate in the UI. The root and intermediate certificates still appear as VMCA.
VCF Operations 9.0.x
vCenter 9.0.x
For VCF management components such as vCenter, only the newly generated TLS certificate is shown with the Microsoft CA type in the UI, and that certificate includes the full chain. The original root and intermediate certificates do not change their display type, which can lead to the false assumption that the replacement failed.
No further action is required to replace the vCenter certificate. The initial replacement is successful and the certificate is valid.
To confirm the new certificate is in place and functional:
Navigate to Fleet Management > Certificates > VCF Instances
Find the vCenter component
Click (>>) to open Certificate Details
From the vCenter command line, you can also validate the certificate with the following command:
openssl s_client -connect localhost:443
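To read the result of that command, the added example below (not part of the original article) parses the "Certificate chain" section that openssl s_client prints and checks that the leaf certificate at depth 0 was issued by the CA you expect. The function names and all certificate names in the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarize the "Certificate chain" section of
# `openssl s_client` output as depth<TAB>subject<TAB>issuer lines.
chain_issuers() {
    awk '
        /^Certificate chain/ { in_chain = 1; next }
        in_chain && /^---/   { in_chain = 0; next }   # end of chain section
        in_chain && /^ *[0-9]+ s:/ {
            depth = $1                  # chain position, 0 is the leaf
            sub(/^ *[0-9]+ s:/, "")
            subject = $0
            next
        }
        in_chain && /^ +i:/ {
            sub(/^ +i:/, "")
            print depth "\t" subject "\t" $0
        }
    '
}

# Succeeds only if the leaf (depth 0) issuer contains the expected CA name.
leaf_issued_by() {
    chain_issuers | awk -F'\t' -v want="$1" '
        $1 == 0 { found = (index($3, want) > 0) }
        END     { exit(found ? 0 : 1) }
    '
}

# Constructed sample of s_client output; every name here is a placeholder.
sample_output() {
    cat <<'EOF'
CONNECTED(00000003)
---
Certificate chain
 0 s:CN = vcenter.example.test
   i:DC = test, DC = example, CN = Example-Issuing-CA
 1 s:DC = test, DC = example, CN = Example-Issuing-CA
   i:CN = Example-Root-CA
 2 s:CN = Example-Root-CA
   i:CN = Example-Root-CA
---
Server certificate
EOF
}

# Offline demo on the sample. On the appliance, pipe the live output instead:
#   openssl s_client -connect localhost:443 </dev/null 2>/dev/null | chain_issuers
sample_output | chain_issuers
```

A depth 0 issuer that names your Microsoft CA confirms the replacement took effect, regardless of how the root and intermediate entries are labeled in the UI.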