PSC HA 6.5: 4 – Replacing the default Machine SSL Certificate

This section must be performed on all PSC Nodes participating in the PSC HA instance.

Important: The PSC Node you install this certificate into must have it’s FQDN present in the new certificate.

Launch the Certificate-Manager

Launch the Certificate-Manager and select Option 1, then select sub Option 2.

/usr/lib/vmware-vmca/bin/certificate-manager

Launch the Certificate-Manager – Windows

Open an Administrator Command Prompt

Launch the Certificate-Manager and select Option 1, then select sub Option 2.

"C:\Program Files\VMware\vCenter Server\vmcad\certificate-manager.bat"

Provide the new certificate

Provide the paths to the psc-ha-vip-chain.crt, psc-ha-vip.key and cachain.crt files created in the previous section

Please provide valid custom certificate for Machine SSL.
File : /certs/psc-ha-vip-chain.crt
Please provide valid custom key for Machine SSL.
File : /certs/psc-ha-vip.key
Please provide the signing certificate of the Machine SSL certificate
File : /certs/cachain.crt

Important: Replace the Machine SSL Certificate of the additional PSC using the same certificate.

Next: Run the PSC HA 6.5 Scripts

Advertisements