Hello all,
We are planning to change our vCenter self-signed certificate (Machine SSL) with a new one signed by a 3rd party CA.
I have two questions:
1- In the vCenter certificate manager GUI, there is a field mentioning "Chain of trusted root certificates". Where can we obtain this trusted root certificate chain? Should we obtain it from our 3rd party CA? (Please see screenshot)
2- There is also field mentioning "Trusted Root Certificates". Should I add Trusted Root Certificates here? If yes, where can we obtain trusted root certificates? Should we obtain it from our 3rd party CA? (Please see screenshot)
Thank you.
Hi @cakcan
You need to request a new certificate for your vCenter including the chain as well as the root certificate. For the certificate request you can generate the CSR thorugh GUI
It's recommened to replace the certificate thorugh ssh session as during replacement the services will be restarted. A good blog how to do it can be found here: Replace VCSA 6.7 Certificate (VMCA) by an ADCS Signed Certificate (vmarena.com)
Regards
Daniel