thecloudxpert

HOWTO: Replace a VMCA certificate via the GUI in vSphere 6.5 with PSC & VCSA

Platform Services Controller vCenter VCSA VMCA VMware vSphere

Published on 25 March 2017 by Christopher Lewis. Words: 344. Reading Time: 2 mins.

Introduction

In this blog post we will walkthrough how to use the GUI to replace the SSL certificates on both the vCenter Server Appliance (VCSA) and Platform Service Controller (PSC) in vSphere 6.5.

Step by Step Guide

Prerequisites

  • A VMCA SSL Certificate (such as root_signing_cert.cer)
  • A RSA Private Key (such as root_signing_cert.key)

Process Overview

The high level steps are as followed:

  1. Log into the External Platform Services Controller.
    • Replace the Root Certificate.
  2. Connect to the PSC Appliance.
    • Renew the Machine SSL Certificate.
    • Renew the Solution User Certificate.
  3. Connect to the VCSA Appliance.
    • Renew the Machine SSL Certificate.
    • Renew the Solution User Certificate.
  4. Reboot the Platform Services Controller.

Process Breakdown

Log into External Platform Services Controller

  1. Navigate to https://psc-appliance.fqdn/psc.
  1. Log in using the SSO Administrator account (e.g. administrator@vsphere.local) and password.

Renew the Root Certificate

  1. Click Certificate Authority > Root Certificate.
  1. Click Replace Certificate.
  1. Click Browse and locate the Private Key file and click Open.
  2. Click Browse and locate the VMCA Certificate file and click Open.
  1. Click OK.

Connect to the Platform Services Controller

  1. Click Certificate Management.
  1. Type the SSO Administrator password and click Submit.

Renew the Machine SSL Certificate

  1. Click the Machine Certificates tab.
  1. Select the __MACHINE_CERT and click Renew.
  1. Click Yes.

Renew the Solution User Certificates

  1. Click the Solution User Certificates tab.
  1. Click Renew All.
  1. Click Yes.
  1. Click Logout.

Connect to the vCenter Server

  1. Type the vcenter.fqdn into the Server IP/FQDN text box and then enter the password for the SSO Administrator.
  1. Click Submit.

Renew the Machine SSL Certificate

  1. Click the Machine Certificates tab.
  1. Select the __MACHINE_CERT and click Renew.
  1. Click Yes.

Renew the Solution User Certificates

  1. Click the Solution User Certificates tab.
  1. Click Renew All.
  1. Click Yes.
  1. Click Logout.

Reboot the Platform Services Controller


  1. Click Appliance Settings.
  1. Click the VMware Platform Services Appliance link.
  1. Enter username as root and the root password, then click Logon.
  1. Click Reboot.
  1. Click Yes.

There we have it, your VCSA should now be acting as a Subordinate CA using the VMCA solution!

Published on 25 March 2017 by Christopher Lewis. Words: 344. Reading Time: 2 mins.


Blog Categories: VMware vSphere vCenter
Related Post(s):
Recent Posts:
  • Creating a Custom Resource Action - Part 1: Getting Started & API Discovery
  • Operating a Private Cloud - Part 3: Creating a Pricing Card in VMware Aria Automation
  • Operating a Private Cloud - Part 2: Creating a Pricing Card in VMware Aria Operations
  • Operating a Private Cloud - Part 1: Understanding Pricing Cards in VMware Aria
  • Zero2Hero - Using Aria Automation to Deploy Multiple Machines with Multiple Disks - Part 5

    • Blog Categories:
    active directory 6 aria automation 9 aria automation orchestrator 1 aria operations 2 aws 2 blog 1 career 1 certificate authority 5 certificates 5 certification 91 cloud management 1 cloudnativecon 1 community 1 fun 1 general 9 hands on labs 1 home lab 2 kubecon 1 kubernetes 1 microsoft 7 nsx 45 nsx v 41 powercli 8 powershell 6 reviews 1 vcap 48 vcap6 2 vcenter 4 vcix 2 vexpert 9 vmug 5 vmware 99+ vmware aria 1 vmware aria automation 9 vmware aria automation orchestrator 1 vmware aria operations 3 vmware cloud 3 vmware cloud director 1 vmware explore 2 vmware identity manager 2 vmworld 36 vrealize automation 81 vrealize automation saltstack config 1 vrealize business 2 vrealize log insight 1 vrealize operations 1 vrealize operations manager 5 vrealize orchestrator 13 vrealize suite 14 vrealize suite lifecycle manager 20 vsan 5 vsphere 9 windows 6
    Top Tags:
    active directory 6 api 18 barcelona 24 certificates 11 certification 7 howto 42 microsoft 7 multi tenancy 9 nsx v 43 platform services controller 8 powercli 8 powershell 7 psc 6 vcap 8 vcap6 45 vcap6 cma 47 vcap6 nv 37 vcix6 nv 36 vexpert 19 vmug 8 vmware 99+ vmware aria 10 vmware aria automation 9 vmworld 35 vmworld 2016 13 vmworld 2017 9 vra 13 vrealize automation 74 vrealize operations 8 vrealize orchestrator 21 vrealize suite lifecycle manager 11 vrslcm 20 vsan 7 vsphere 12