In this blog post, we will discuss how to replace a self-signed certificate with a trusted SSL/TLS certificate for VMware vCenter 7, the centralized management tool for VMware’s vSphere environment.

Log in to the VMware vCenter server using the vSphere client.
Click on the Menu tab in the top navigation bar and select Administration from the drop-down menu.
Click on Certificates and select Certificate Management.

Click on the Actions dropdown menu and select Generate Certificate Signing Request (CSR) in the Machine SSL Certificate section.

In the Generate CSR window, enter the required information in the fields provided: Organization, Organizational Unit, Locality, State or Province, and Country. The Common Name (CN) and Hostname fields are automatically filled in based on the hostname assigned to vCenter.

Click Generate to generate the CSR and save the CSR file to your local machine.

The CSR can now be used to obtain a signed certificate from a certificate authority (CA). Log in to http://CA/certsrv, click Request a Certificate > Advanced Certificate Request, and paste the contents of the CSR generated in vCenter.

Select Base 64 encoded and click Download Certificate.

Add the CA root certificate in Base64 format under Administration > Certificates > Certificate Management > Trusted Root Certificates > Add.

Click Actions > Import and Replace Certificate in the Machine SSL Certificate section.

Select Replace with external CA certificate where CSR is generated from vCenter Server (private key embedded).

After obtaining the signed certificate for vCenter, which is contained in one .cer file, and the public certificate of the CA that signed the certificate, which is contained in another .cer file, it’s time to copy and paste their contents. The signed certificate for vCenter should be pasted in the Machine SSL Certificate section, while the public certificate of the CA can be pasted in the Chain of Trusted Root Certificates section. Simply copy and paste the contents of both files into the corresponding fields, and you’re good to go.
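Because vCenter keeps the private key for the CSR it generated, the issued certificate must carry that CSR's public key and must chain to the CA root added as a trusted root. The following script is an added example, not part of the original post, that checks both with OpenSSL before anything is pasted; the file names, the `check_issued_cert` and `make_demo_pki` helpers and the throwaway demo PKI are all constructed for illustration.

```sh
#!/bin/sh
# Added example: pre-import checks for a CA-issued Machine SSL certificate.
# File names and the demo PKI below are constructed, not taken from a real vCenter.

# SHA-256 of the public key inside a CSR ($1=req) or a certificate ($1=x509).
pubkey_hash() {
  pem=$(openssl "$1" -in "$2" -noout -pubkey 2>/dev/null) || return 1
  [ -n "$pem" ] || return 1
  printf '%s\n' "$pem" | openssl pkey -pubin -outform DER | openssl dgst -sha256 -r | cut -d' ' -f1
}

# $1 = CSR from vCenter, $2 = issued certificate, $3 = CA root certificate.
# Returns 0 = both checks pass, 1 = key mismatch, 2 = chain failure, 3 = unreadable input.
check_issued_cert() {
  csr_key=$(pubkey_hash req "$1") || { echo "FAIL: cannot read CSR $1"; return 3; }
  crt_key=$(pubkey_hash x509 "$2") || { echo "FAIL: cannot read certificate $2"; return 3; }
  # vCenter holds the private key for this CSR, so the public keys must be identical.
  [ "$csr_key" = "$crt_key" ] || { echo "FAIL: certificate was not issued for this CSR"; return 1; }
  # The certificate must chain to the root that goes into Trusted Root Certificates.
  openssl verify -CAfile "$3" "$2" >/dev/null 2>&1 || { echo "FAIL: does not chain to $3"; return 2; }
  echo "OK"
}

# Build a throwaway CA, a CSR standing in for vCenter's, and three test certificates.
make_demo_pki() {
  dir=$1
  openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=Demo Root CA" -days 2 \
    -keyout "$dir/ca.key" -out "$dir/ca.cer" 2>/dev/null
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=vcenter.example.test" \
    -keyout "$dir/vc.key" -out "$dir/vc.csr" 2>/dev/null
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=vcenter.example.test" \
    -keyout "$dir/other.key" -out "$dir/other.csr" 2>/dev/null
  # vc.cer: correct certificate; other.cer: same CA, wrong CSR; selfsigned.cer: right key, no CA.
  openssl x509 -req -in "$dir/vc.csr" -CA "$dir/ca.cer" -CAkey "$dir/ca.key" \
    -CAcreateserial -days 2 -out "$dir/vc.cer" 2>/dev/null
  openssl x509 -req -in "$dir/other.csr" -CA "$dir/ca.cer" -CAkey "$dir/ca.key" \
    -CAcreateserial -days 2 -out "$dir/other.cer" 2>/dev/null
  openssl x509 -req -in "$dir/vc.csr" -signkey "$dir/vc.key" -days 2 \
    -out "$dir/selfsigned.cer" 2>/dev/null
}

# Real use: sh check.sh vcenter.csr vcenter.cer ca-root.cer
if [ "$#" -eq 3 ]; then check_issued_cert "$@"; fi
```

A key mismatch (return code 1) usually means the certificate was issued for a different CSR, for example one generated earlier and since replaced in vCenter.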

In conclusion, replacing the certificate in vSphere vCenter is a straightforward process that can be accomplished through the Certificate Management interface. After generating the CSR, obtaining and importing the signed certificate from a CA, and copying the contents of both .cer files, the certificate is automatically replaced. There is no need to restart vCenter, and the updated certificate can be verified through your browser. Keeping the SSL/TLS certificates up-to-date is essential for ensuring secure communication between users and the vCenter.