Replacing vCenter Certificate


Depending on organizational or technical requirements, you may have a need to replace the default certificates for vCenter or ESXi.  This is easily accomplished once you understand the process.

  1. Create a private key
  2. Create a certificate request
  3. Obtain the certificate from a certificate authority
  4. Convert the certificate to PFX format
  5. Place the certificate, private key, and PFX certificate in the appropriate directories
VMware vCenter, Inventory Service, Update Manager, Web Client and Single Sign on all have SSL requirements.  I suggest you read the associated documentation as failure to do so can prevent vCenter from starting or hosts communicating with your vCenter.
There are a number of important notes.  The passphrase for the private key must be ‘testpassword’, otherwise you must edit the keystore pass at %ProgramFiles%VMwareInfrastructuretomcatconfserver.xml. 

Generating SSL Certificates
Replacing vCenter Update Manager Certificates
Replacing vCenter 5.1 and ESXi Certificates

Leave a Reply