Steps:
- Launch the vSphere 6.x or 7.x Certificate Manager
- Login to VCSA SSH using root account then run this command /usr/lib/vmware-vmca/bin/certificate-manager
- Choose Option 3 and login your local account then type the password when prompted
- Enter these values as prompted by the VMCA or Press Enter key to skip optional parameters or use Default value.
Enter proper value for 'Country' [Default value : US] : (Note: Value for Country should be only 2 letters)
Enter proper value for 'Name' [Default value : CA] :
Enter proper value for 'Organization' [Default value : VMware] :
Enter proper value for 'OrgUnit' [Default value : VMware Engineering] :
Enter proper value for 'State' [Default value : California] :
Enter proper value for 'Locality' [Default value : Palo Alto] :
Enter proper value for 'IPAddress' [optional] :
Enter proper value for 'Email' [Default value : email@acme.com] :
Enter proper value for 'Hostname' [Enter valid Fully Qualified Domain Name(FQDN), For Example : example.domain.com] :
Enter proper value for VMCA 'Name': (Note: This information will be requested from vCenter Server 6.0 U3, 6.5 and later builds, you may use the FQDN/PNID of vCenter Server for this field. It will be used as a Common Name for the VMCA Root Certificate)
- Wait to complete
- Then Stop and Start the VCSA services, run this command service-control --stop --all and service-control --start --all
- Login to the vCenter and confirmed the Machine SSL validity
- Before the changes. The Machine SSL Cert is valid until Nov 27, 2021 and now the cert is valid until Nov 24, 2023
VMware KB Reference: https://kb.vmware.com/s/article/2112283