Replace Certificates of the Management Products in Region B
After you generate a certificate for a management product in Region B that is signed by the certificate authority on the parent or child AD server in the region, replace the default certificate or an expired certificate with newly-signed one on the product instance in the region..
Before you begin
Generate a certificate for the products in this validated design in one of the following ways:
Use the VMware Validated Design Certificate Utility. See Use the Certificate Generation Utility to Generate Certificates Automatically in Region B.
Generate Certificate Signing Requests manually and use them to have the product certificates signed by the certificate authority on the child AD server in Region B. See Generate Manually Key Pairs and Certificate Signing Requests for the Management Components in Region B and Generate CA-Signed Certificates for the SDDC Management Components in Region B.
Replace Certificates of the Virtual Infrastructure Components in Region B In this design, you replace user-facing certificates in Region B with certificates that are signed by a Microsoft Certificate Authority (CA). If the CA-signed certificates of the management components expire after you deploy the SDDC, you must replace them individually on each affected component.
- Replace Certificates of the Operations Management Components in Region B If the certificate of vRealize Log Insight in Region B expires, replace it and update it on the management components in the region to maintain secure connection.
Parent topic: Region B Certificate Replacement