Replace vCenter 7.0 Machine Certificate with Internal SSL certificate using vCenter Web Console

 How to replace machine certificate with Internal SSL certificate using vCenter web console

This article shows how to replace the Machine SSL certificate of vCenter 7.0.

Log in to the certificate server.

Open PowerShell and run the command below, replacing the placeholder <vCenter-FQDN> with your vCenter FQDN:

Get-Certificate -Template WebServerCustom -SubjectName "CN=<vCenter-FQDN>,OU = International SOS,O = International SOS,L = Singapore,S = SG,C = SG" -DnsName "<vCenter-FQDN>","DEMOVCSA" -CertStoreLocation cert:\LocalMachine\My

MMC-> this computer -> Certificate

Expand the personal certificate folder -> you will see Certificates with the same name have already been created.

Export -> 

Make sure you have selected Export all extended properties

Enter the password

Go to the path where you exported the .pfx file

Now open the Win32 OpenSSL command prompt with Administrator privileges

Run the commands below after replacing the file names

openssl pkcs12 -in C:\Certificate\server\DEMOVCSA.pfx -nocerts -out C:\Certificate\server\DEMOVCSA.key.pem -nodes

Password: Temp@123

openssl pkcs12 -in C:\Certificate\server\DEMOVCSA.pfx -nokeys -out C:\Certificate\server\DEMOVCSA.pem

Two files will now be exported to the given path -> C:\Certificate\server\



Now log in to vCenter with an account that has global permissions

Click on Menu -> Administrator

Under Certificate click Certificate Management

Now go to Machine_Cert -> Actions

Click Import and Replace Certificate

Select Replace with external CA Certificates Private Key

Click Next

Open the VCSADEMO.Pem file in Notepad from C:\Certificate\server\

Copy -----BEGIN CERTIFICATE----- to -----END CERTIFICATE----- and paste

Copy second Key and paste in 

Now open the other file, sin1vsyvvc001.key, in Notepad and paste its contents in

Then click Replace

You will now see the message that the certificate import completed successfully, and you will be asked to log in again.

It will take some time for the service to come back up.

Once the service is up, open the vCenter web console and check the certificate status; it should now show a trusted certificate.
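
Before the Import and Replace step, the two files written by OpenSSL can be checked so that a mismatched key or the wrong certificate block is not pasted into vCenter. The script below is an added example, not part of the original post; it assumes openssl.exe is on the PATH and uses the file paths from the export commands above.

```powershell
# Added example. Paths are the ones used in this post; openssl.exe is assumed to be on PATH.
$certFile = 'C:\Certificate\server\DEMOVCSA.pem'
$keyFile  = 'C:\Certificate\server\DEMOVCSA.key.pem'

function Get-CertificateBlock {
    param([string]$Path)
    # openssl pkcs12 writes "Bag Attributes" text around each block;
    # return only the BEGIN CERTIFICATE ... END CERTIFICATE blocks.
    $text = Get-Content -Path $Path -Raw
    $pattern = '-----BEGIN CERTIFICATE-----[\s\S]+?-----END CERTIFICATE-----'
    [regex]::Matches($text, $pattern) | ForEach-Object { $_.Value }
}

# Public key derived from the private key (openssl skips the text before the BEGIN line).
$keyPub = (& openssl pkey -in $keyFile -pubout) -join "`n"
if ($LASTEXITCODE -ne 0) { throw "openssl could not read $keyFile" }

# The .pem may hold the machine certificate plus CA certificates. Find the one that
# belongs to the private key instead of assuming it is the first block.
$machineCert = $null
foreach ($block in @(Get-CertificateBlock -Path $certFile)) {
    $certPub = ($block | & openssl x509 -noout -pubkey) -join "`n"
    # -ceq: base64 is case-sensitive, and PowerShell's -eq is not.
    if ($LASTEXITCODE -eq 0 -and $certPub -ceq $keyPub) {
        $machineCert = $block
        break
    }
}
if (-not $machineCert) { throw 'No certificate in the .pem matches the private key.' }

# Show what is about to be imported: subject, expiry date and SAN entries
# (-ext needs OpenSSL 1.1.1 or later).
$machineCert | & openssl x509 -noout -subject -enddate -ext subjectAltName

# The matching certificate block, without bag attributes, ready to paste into vCenter.
$machineCert
```

DEMOVCSA.key.pem was written with -nodes, so the private key in it is unencrypted; remove it and the .pfx from C:\Certificate\server\ once the import has succeeded.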
