How to change vCenter Server Certificate

Mohammad Hossein Khoshraftar Yari

Hi, Today I decided to change my VCSA 8.0 certificate. For this purpose, we must do 4 things:

  1.  Create CSR from the vCenter server
  2.  Get a Certificate from an authority CA (I use a Microsoft CA server)
  3.  Install OpenSSL and Convert the CER format certificate to PEM format
  4. Assign it to vCenter

Let’s start.

1. Create CSR from the vCenter server:

1-1 Login to vCenter Server

1-2 Go to the Inventory

1-3 Go to the Certificate –> Certificate Management –> Generate Certificate Signing Request(CSR)

1-4 Enter your information

1-5 Copy CSR Request

2. Get a Certificate from an authority CA (I use a Microsoft CA server)

2-1 Go to your Microsoft CA server (or other Authority Certificate) http;//your_CA-Server_IP/certsrv

Click on the “Request a certificate

2-2 Click on the “advanced certificate request

2-3 Past your CSR request here (We copy CSR Request in 1-5) and choose Web Server, then click submit.

2-4 Download Certificate (Base 64 encoded)

3.  Install OpenSSL and Convert the CER format certificate to PEM format

3-1 Now, we need to convert this certificate to PEM, so we need a tool for covering the certificate.

I used OpenSSL tools.

How to install OpenSSL?

3-2 I downloaded the MSI version. And click on it.

3-3 Accept the agrrement and Next.

3-4 Select a path for installation.

3-5 Next

3-6 Click on the Install button.

3-7 Open the Command prompt as an administrator account, then go to the installation_path\OpenSSL-Win64\bin

3-8 Used this command to convert .cer to .pem. (for vCenter Server certificate)

openssl x509 -in certnew.cer -out certnew-vc01.pem

3-9 Used this command to convert .cer to .pem. (for root certificate)

openssl x509 -in root.cer -out root.pem

4. Assign it to vCenter

4-1 Now, click on the “Import and Replace Certificate” button.

4-2 Choose to Replace with external CA certificate where CSR is generated from vCenter Server.

4-3 Click on the Browse File button, then

4-4 Select vCenter PEM format certificate

4-5 Click on the Browse File button, then

4-6 Select root PEM format certificate

4-7 The vCenter ask you to wait some minutes and after that try to refresh your browser.

Finish 🙂

Leave a Reply

Your email address will not be published. Required fields are marked *