HOWTO: Replace a VMCA certificate via the GUI in vSphere 6.5 with PSC & VCSA



Platform Services Controller vCenter VCSA VMCA VMware vSphere

Published on 25 March 2017 by Christopher Lewis. Words: 307. Reading Time: 2 mins.

Prerequisites

  • A VMCA SSL Certificate (such as root_signing_cert.cer)
  • A RSA Private Key (such as root_signing_cert.key)

Process Overview

The high level steps are as followed:

  1. Log into the External Platform Services Controller.
    • Replace the Root Certificate.
  2. Connect to the PSC Appliance.
    • Renew the Machine SSL Certificate.
    • Renew the Solution User Certificate.
  3. Connect to the VCSA Appliance.
    • Renew the Machine SSL Certificate.
    • Renew the Solution User Certificate.
  4. Reboot the Platform Services Controller.

Process Breakdown

Log into External Platform Services Controller

Navigate to https://psc-appliance.fqdn/psc.

Log in using the SSO Administrator account (e.g. administrator@vsphere.local) and password.

Renew the Root Certificate

Click Certificate Authority > Root Certificate.

Click Replace Certificate.

Click Browse and locate the Private Key file and click Open.

Click Browse and locate the VMCA Certificate file and click Open.

Click OK.

Connect to the Platform Services Controller

Click Certificate Management.

Enter the SSO Administrator password and click Submit.

Renew the Machine SSL Certificate

Click the Machine Certificates tab.

Select the __MACHINE_CERT and click Renew.

Click Yes.

Renew the Solution User Certificates

Click the Solution User Certificates tab.

Click Renew All.

Click Yes.

Click Logout.

Connect to the vCenter Server

Enter the vcenter.fqdn into the Server IP/FQDN text box and then enter the password for the SSO Administrator.

Click Submit.

Renew the Machine SSL Certificate

Click the Machine Certificates tab.

Select the __MACHINE_CERT and click Renew.

Click Yes.

Renew the Solution User Certificates

Click the Solution User Certificates tab.

Click Renew All.

Click Yes.

Click Logout.

Reboot the Platform Services Controller

Note: This can be completed in multiple ways but this is the way I did it.

Click Appliance Settings.

Click the VMware Platform Services Appliance link.

Enter username as root and the root password, then click Logon.

Click Reboot.

Click Yes.

There we have it, your VCSA should now be acting as a Subordinate CA using the VMCA solution!

Published on 25 March 2017 by Christopher Lewis. Words: 307. Reading Time: 2 mins.