HOWTO: Replace a VMCA certificate via the GUI in vSphere 6.5 with PSC & VCSA
Platform Services Controller vCenter VCSA VMCA VMware vSphere
Published on 25 March 2017 by Christopher Lewis. Words: 307. Reading Time: 2 mins.
Prerequisites
- A VMCA SSL Certificate (such as
root_signing_cert.cer) - A RSA Private Key (such as
root_signing_cert.key)
Process Overview
The high level steps are as followed:
- Log into the External Platform Services Controller.
- Replace the Root Certificate.
- Connect to the PSC Appliance.
- Renew the Machine SSL Certificate.
- Renew the Solution User Certificate.
- Connect to the VCSA Appliance.
- Renew the Machine SSL Certificate.
- Renew the Solution User Certificate.
- Reboot the Platform Services Controller.
Process Breakdown
Log into External Platform Services Controller
Navigate to https://psc-appliance.fqdn/psc.
Log in using the SSO Administrator account (e.g. administrator@vsphere.local) and password.
Renew the Root Certificate
Click Certificate Authority > Root Certificate.
Click Replace Certificate.
Click Browse and locate the Private Key file and click Open.
Click Browse and locate the VMCA Certificate file and click Open.
Click OK.
Connect to the Platform Services Controller
Click Certificate Management.
Enter the SSO Administrator password and click Submit.
Renew the Machine SSL Certificate
Click the Machine Certificates tab.
Select the __MACHINE_CERT and click Renew.
Click Yes.
Renew the Solution User Certificates
Click the Solution User Certificates tab.
Click Renew All.
Click Yes.
Click Logout.
Connect to the vCenter Server
Enter the vcenter.fqdn into the Server IP/FQDN text box and then enter the password for the SSO Administrator.
Click Submit.
Renew the Machine SSL Certificate
Click the Machine Certificates tab.
Select the __MACHINE_CERT and click Renew.
Click Yes.
Renew the Solution User Certificates
Click the Solution User Certificates tab.
Click Renew All.
Click Yes.
Click Logout.
Reboot the Platform Services Controller
Note: This can be completed in multiple ways but this is the way I did it.
Click Appliance Settings.
Click the VMware Platform Services Appliance link.
Enter username as root and the root password, then click Logon.
Click Reboot.
Click Yes.
There we have it, your VCSA should now be acting as a Subordinate CA using the VMCA solution!
Published on 25 March 2017 by Christopher Lewis. Words: 307. Reading Time: 2 mins.
- HOWTO: Deploy a vSphere 6.5 vCenter Server Appliance (VCSA) ()
- HOWTO: Deploy a vSphere 6.5 External Platform Services Controller (VCSA) ()
- HOWTO: Automate the installation of the External Platform Services Controller using PowerCLI & JSON - Part 2 ()
- HOWTO: Automate the installation of the External Platform Services Controller using PowerCLI & JSON - Part 1 ()
- HOWTO: Deploy the VMware vSphere 6.0 Platform Service Controller ()