You replace the machine SSL certificate on the Platform Services Controller with a custom certificate that is signed by a certificate authority.

Certificate-Related Files on Platform Services Controller

Platform Services Controller         Certificate File Name
sfo01w01psc01.sfo01.rainpole.local   sfo01w01psc01.sfo01.1.cer
                                     sfo01w01psc01.sfo01.key
                                     Root64.cer

CA-signed certificate files generated by using VMware Validated Design Certificate Generation Utility (CertGenVVD). See the VMware Validated Design Planning and Preparation documentation.

A Windows host with SSH terminal software such as PuTTY and scp software such as WinSCP installed.

1. Change the Platform Services Controller command shell to the Bash shell to allow secure copy (scp) connections.

   a. Open an SSH connection to sfo01w01psc01.sfo01.rainpole.local and log in using the following credentials.

      Setting    Value
      Username   root
      Password   psc_root_password

   b. Run the following commands to enable Bash shell access for the root user.

      shell
      chsh -s "/bin/bash" root

2. Copy the generated certificates to the Platform Services Controller.

   a. Run the following command to create a new temporary folder.

      mkdir -p /root/certs

   b. Copy the certificate files sfo01w01psc01.sfo01.1.cer, sfo01w01psc01.sfo01.key and Root64.cer to the /root/certs folder.

      You can use scp software such as WinSCP.

3. Replace the certificate on the Platform Services Controller.

   a. Start the vSphere Certificate Manager utility on the Platform Services Controller.

      /usr/lib/vmware-vmca/bin/certificate-manager

   b. Select Option 1 (Replace Machine SSL certificate with Custom Certificate).

   c. Enter the default vCenter Single Sign-On user name administrator@vsphere.local and the vsphere_admin password.

   d. Select Option 2 (Import custom certificate(s) and key(s) to replace existing Machine SSL certificate).

   e. When prompted for the custom certificate, enter /tmp/certs/sfo01w01psc01.sfo01.1.cer.

   f. When prompted for the custom key, enter /tmp/certs/sfo01w01psc01.sfo01.key.

   g. When prompted for the signing certificate, enter /tmp/certs/Root64.cer.

   h. When prompted to continue operation, enter Y.

   The Platform Services Controller services restart automatically.

4. After Certificate Manager replaces the certificates, run the following commands to restart the vami-lighttp service and to remove the certificate files.

      service vami-lighttp restart
      cd /root/certs
      rm sfo01w01psc01.sfo01.1.cer sfo01w01psc01.sfo01.key Root64.cer

5. Verify that the certificates have been updated.
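
Before starting Certificate Manager in step 3, you can confirm that the certificate, the private key and the signing certificate belong together, so that a mismatch is caught before the services restart. The following Bash function is an added example and is not part of the original procedure or of any VMware tooling; the function name and return codes are chosen here, and it assumes PEM-encoded files and an OpenSSL build that supports -checkhost (1.0.2 or later).

```shell
#!/bin/bash
# Added example: pre-import sanity checks for a custom Machine SSL certificate.
# Usage: check_machine_ssl_bundle <cert> <key> <signing-cert> <fqdn>
# Return codes (chosen for this example): 0 ok, 1 unreadable or unparsable file,
# 2 key mismatch, 3 chain does not verify, 4 host name not covered.
check_machine_ssl_bundle() {
    local cert="$1" key="$2" ca="$3" fqdn="$4"
    local f cert_pub key_pub out

    for f in "$cert" "$key" "$ca"; do
        [ -r "$f" ] || { echo "FAIL: cannot read $f" >&2; return 1; }
    done

    # The certificate and the private key must carry the same public key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) ||
        { echo "FAIL: $cert is not a parsable certificate" >&2; return 1; }
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) ||
        { echo "FAIL: $key is not a parsable private key" >&2; return 1; }
    [ "$cert_pub" = "$key_pub" ] ||
        { echo "FAIL: private key does not match certificate" >&2; return 2; }

    # The certificate must chain to the signing certificate that is imported with it.
    out=$(openssl verify -CAfile "$ca" "$cert" 2>&1) &&
        printf '%s\n' "$out" | grep -q ': OK$' ||
        { echo "FAIL: $cert does not verify against $ca" >&2; return 3; }

    # The appliance FQDN must be covered by the certificate
    # (DNS subject alternative name, or the CN when no DNS SAN exists).
    openssl x509 -in "$cert" -noout -checkhost "$fqdn" 2>/dev/null |
        grep -q 'does match certificate' ||
        { echo "FAIL: $fqdn is not covered by $cert" >&2; return 4; }

    echo "OK: $cert, $key and $ca are consistent for $fqdn"
}
```

On the appliance, pass the paths of the three files copied in step 2 and the FQDN sfo01w01psc01.sfo01.rainpole.local. A non-zero return code means the import in step 3 should not be started with these files.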