top of page

Regenerate the vCenter Machine SSL certificate using self-signed VMCA

Steps:

- Launch the vSphere 6.x or 7.x Certificate Manager

- Login to VCSA SSH using root account then run this command /usr/lib/vmware-vmca/bin/certificate-manager

- Choose Option 3 and login your local account then type the password when prompted

- Enter these values as prompted by the VMCA or Press Enter key to skip optional parameters or use Default value.


Enter proper value for 'Country' [Default value : US] : (Note: Value for Country should be only 2 letters)

Enter proper value for 'Name' [Default value : CA] :

Enter proper value for 'Organization' [Default value : VMware] :

Enter proper value for 'OrgUnit' [Default value : VMware Engineering] :

Enter proper value for 'State' [Default value : California] :

Enter proper value for 'Locality' [Default value : Palo Alto] :

Enter proper value for 'IPAddress' [optional] :

Enter proper value for 'Email' [Default value : email@acme.com] :

Enter proper value for 'Hostname' [Enter valid Fully Qualified Domain Name(FQDN), For Example : example.domain.com] :

Enter proper value for VMCA 'Name': (Note: This information will be requested from vCenter Server 6.0 U3, 6.5 and later builds, you may use the FQDN/PNID of vCenter Server for this field. It will be used as a Common Name for the VMCA Root Certificate)


- Wait to complete

- Then Stop and Start the VCSA services, run this command service-control --stop --all and service-control --start --all

- Login to the vCenter and confirmed the Machine SSL validity

- Before the changes. The Machine SSL Cert is valid until Nov 27, 2021 and now the cert is valid until Nov 24, 2023


Comments


bottom of page