Replace Certificates of the Virtual Infrastructure Components in Region A

In this design, you replace user-facing certificates in Region A with certificates that are signed by a Microsoft Certificate Authority (CA). If the CA-signed certificates of the management components expire after you deploy the SDDC, you must replace them individually on each affected component.

About this task

By default, virtual infrastructure management components use TLS/SSL certificates that are signed by the VMware Certificate Authority (VMCA).

Infrastructure administrators connect to different SDDC components, such as vCenter Server systems or a Platform Services Controller, from a Web browser to perform configuration, management, and troubleshooting. The authenticity of the network node to which the administrator connects must be confirmed with a valid TLS/SSL certificate.

You can use other certificate authorities according to the requirements of your organization. You do not replace certificates for machine-to-machine communication. If necessary, you can manually mark these certificates as trusted.

  1. Replace the Platform Services Controller Certificates in Region A
     You replace the machine SSL certificate on each Platform Services Controller instance with a custom certificate that is signed by the certificate authority (CA).
  2. Replace the vCenter Server Certificates in Region A
     Replace the certificates on the Management vCenter Server and Compute vCenter Server, then reconnect them to the other management components so that those components are updated with the new certificates.
  3. Replace the Default Certificate with a Custom Certificate on the ESXi Hosts in Region A
     Optionally, after you obtain a signed certificate for the ESXi hosts in Region A, use it to replace the default VMware Certificate Authority (VMCA) signed certificates on the hosts.
  4. Replace the NSX Manager Certificates in Region A
     After you replace the certificates of all Platform Services Controller instances and all vCenter Server instances, replace the certificates for the NSX Manager instances.
  5. Replace the Certificate of vSphere Data Protection in Region A
     vSphere Data Protection comes with a default self-signed certificate. Install a CA-signed certificate that authenticates vSphere Data Protection over HTTPS.
