Depending on organizational or technical requirements, you may have a need to replace the default certificates for vCenter or ESXi. This is easily accomplished once you understand the process.
- Create a private key
- Create a certificate request
- Obtain the certificate from a certificate authority
- Convert the certificate to PFX format
- Place the certificate, private key, and PFX certificate in the appropriate directories
VMware vCenter, Inventory Service, Update Manager, Web Client and Single Sign on all have SSL requirements. I suggest you read the associated documentation as failure to do so can prevent vCenter from starting or hosts communicating with your vCenter.
There are a number of important notes. The passphrase for the private key must be ‘testpassword’, otherwise you must edit the keystore pass at %ProgramFiles%VMwareInfrastructuretomcatconfserver.xml.
Generating SSL Certificates
Replacing vCenter Update Manager Certificates
Replacing vCenter 5.1 and ESXi Certificates