If you decide to use a new VMCA root certificate, and you unpublish the VMCA root certificate that was used when you provisioned your environment, you must replace the machine SSL certificates, solution user certificates, and certificates for some internal services.

If you unpublish the VMCA root certificate, you must replace the SSL Signing Certificate that is used by vCenter Single Sign-On. See Refresh the Security Token Service Certificate. You must also replace the VMware Directory Service (vmdir) certificate.

Request a certificate for vmdir from your third-party or enterprise CA.

1. Stop vmdir.

Linux

service-control --stop vmdird

Windows

service-control --stop VMWareDirectoryService

2. Copy the certificate and key that you just generated to the vmdir location.

Linux

cp vmdir.crt /usr/lib/vmware-vmdir/share/config/vmdircert.pem
cp vmdir.priv /usr/lib/vmware-vmdir/share/config/vmdirkey.pem

Windows

copy vmdir.crt C:\programdata\vmware\vCenterServer\cfg\vmdird\vmdircert.pem
copy vmdir.priv C:\programdata\vmware\vCenterServer\cfg\vmdird\vmdirkey.pem

3. Restart vmdir from the vSphere Web Client or using the service-control command.

Linux

service-control --start vmdird

Windows

service-control --start VMWareDirectoryService
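
A pre-flight check for step 2 on Linux, added here as an example and not taken from VMware's documentation or tooling: it confirms that the certificate and private key belong together and that the certificate has not expired, backs up the files already in place, and only then copies the new ones. The function names, the backup suffix, the file modes, and the assumption that vmdird reads the key as the file's owner are this example's own; the destination path and file names are the ones from step 2.

```shell
#!/bin/sh
# Added example: validate and install a replacement vmdir certificate.
# Run it between "service-control --stop vmdird" and "--start vmdird".
VMDIR_CFG=/usr/lib/vmware-vmdir/share/config   # Linux path from step 2

# Return 0 only if the certificate's public key equals the private key's.
pair_matches() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Return 0 if the certificate is still valid N seconds from now (default 0).
cert_not_expired() {
    openssl x509 -in "$1" -noout -checkend "${2:-0}" >/dev/null 2>&1
}

# Validate first, keep a timestamped backup, then copy with tight modes.
# Usage: install_vmdir_cert vmdir.crt vmdir.priv [destination-dir]
install_vmdir_cert() {
    cert=$1; key=$2; dest=${3:-$VMDIR_CFG}
    pair_matches "$cert" "$key" || { echo "certificate/key mismatch" >&2; return 1; }
    cert_not_expired "$cert"    || { echo "certificate has expired" >&2; return 1; }
    stamp=$(date +%Y%m%d%H%M%S)
    for f in vmdircert.pem vmdirkey.pem; do
        if [ -f "$dest/$f" ]; then
            cp -p "$dest/$f" "$dest/$f.bak.$stamp" || return 1
        fi
    done
    cp "$cert" "$dest/vmdircert.pem" && chmod 644 "$dest/vmdircert.pem" &&
    ( umask 077; cp "$key" "$dest/vmdirkey.pem" ) &&
    chmod 600 "$dest/vmdirkey.pem"   # assumption: only the owner reads the key
}

# When invoked with arguments, act on them; otherwise only define functions.
if [ "$#" -ge 2 ]; then
    install_vmdir_cert "$@"
fi
```

If the new certificate prevents vmdir from starting, stop the service again and restore the .bak files before investigating.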