Configuration details | - Log in to vCenter and go to Menu > Administration > Certificates > Certificate Management.
- Under Machine SSL Certificate, click Actions > Generate Certificate Signing Request (CSR).
- Enter the settings to generate a CSR. Leave Common name and host as default.
- Sign the CSR with a trusted third-party signing authority (for example, a CA).
- Return to vCenter, and under Machine SSL Certificate > Actions, select Import and Replace Certificate.
- On the menu that appears, select Replace with certificate generated from vCenter server.
- On the following page, click BROWSE FILE under Machine SSL Certificate and select the signed certificate.
- Click BROWSE FILE under Chain of trusted root certificates and upload the chain of trusted certificates or CA certificate file.
- Click REPLACE and confirm that the certificate has been successfully uploaded (no errors back on the Certificate Management page). vCenter may reboot.
|
Verification steps | - Browse to vCenter using the FQDN of vCenter.
- In the browser, view the certificate presented by vCenter and confirm that vCenter is using a certificate that is issued by the trusted CA.
|
Helpful tips | - vCenter must be deployed with an FQDN.
- Ensure vCenter is synchronized with an NTP server.
- Users can create their own CSRs, but then must also provide the certificate key.
- After uploading a new certificate, vCenter might log the user out. If getting an error upon a refresh, try restarting vCenter or the vCenter's management network.
|