A system administrator can update certificates for the Identity Appliance, the vCloud Automation Center Appliance, and IaaS components. Typically, an update is performed when switching from self-signed certificates to certificates provided by a certificate authority chosen by the system administrator.

When you update a certificate for a vCloud Automation Center component, components that have a dependency on this certificate are affected. You must register the new certificate with these components to ensure certificate trust.

You must update all components of the same type in a distributed system. For example, if you update a certificate for one vCloud Automation Center Appliance in a distributed environment, you must update all instances of vCloud Automation Center Appliance for that installation.

Certificates for the Identity Appliance management site and vCloud Automation Center Appliance management site do not have registration requirements.

Update components in the following order:

1. Identity Appliance
2. vCloud Automation Center Appliance
3. IaaS components

With one exception, changes to later components do not affect earlier ones. For example, if you import a new certificate to a vCloud Automation Center Appliance, you must register this change with the IaaS server, but not with the Identity Appliance. The exception is that an updated certificate for IaaS components must be registered with vCloud Automation Center Appliance.

The following table shows registration requirements when you update a certificate.

Registration Requirements

| Updated Certificate | Register new certificate with Identity Appliance | Register new certificate with vCloud Automation Center Appliance | Register new certificate with IaaS |
| --- | --- | --- | --- |
| Identity Appliance | Not applicable | Yes | Done automatically |
| vCloud Automation Center Appliance | No | Not applicable | Yes |
| IaaS | No | Yes | Not applicable |

Note: If your certificate uses a passphrase for encryption and you do not enter it when you replace your certificate on the virtual appliance, the "Unable to load private key" message appears. Verify that you have supplied the correct passphrase.
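The passphrase and the certificate/key pairing can be checked on an administrator workstation before the certificate is replaced on the appliance. The script below is an added example, not part of the VMware procedure; it assumes PEM files and the openssl CLI, and the file names, host name and passphrases are constructed sample values.

```shell
#!/bin/sh
# Pre-upload check for a PEM certificate and passphrase-protected private key.
# Assumes the openssl CLI on an admin workstation; file names are hypothetical.

# key_opens KEY PASSFILE: succeeds only if the passphrase stored in PASSFILE
# decrypts KEY. A wrong or missing passphrase is what leads to
# "Unable to load private key". (An unencrypted key passes with any passphrase.)
key_opens() {
    openssl pkey -in "$1" -passin "file:$2" -noout 2>/dev/null
}

# cert_matches_key CERT KEY PASSFILE: succeeds only if CERT carries the public
# half of KEY, so a certificate is not paired with the wrong key by mistake.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -passin "file:$3" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# make_sample DIR: constructed test material (throwaway self-signed certificate
# and encrypted key) standing in for the CA-issued files.
make_sample() {
    printf 'constructed-pass\n' > "$1/pass.txt"
    printf 'wrong-pass\n' > "$1/wrong.txt"
    openssl req -x509 -newkey rsa:2048 -days 1 -subj "/CN=vcac.example.test" \
        -keyout "$1/key.pem" -out "$1/cert.pem" \
        -passout "file:$1/pass.txt" >/dev/null 2>&1
    # A second, unrelated (unencrypted) key for the mismatch case.
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1/other.pem" >/dev/null 2>&1
}

d=$(mktemp -d) && make_sample "$d"
key_opens "$d/key.pem" "$d/pass.txt" && echo "passphrase OK"
key_opens "$d/key.pem" "$d/wrong.txt" || echo "wrong passphrase rejected"
cert_matches_key "$d/cert.pem" "$d/key.pem" "$d/pass.txt" && echo "certificate matches key"
cert_matches_key "$d/cert.pem" "$d/other.pem" "$d/pass.txt" || echo "certificate does not match other key"
rm -rf "$d"
```

Keeping the passphrase in a file readable only by the administrator, rather than on the command line, keeps it out of the process list and shell history.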

When a vCloud Automation Center Appliance host name is changed, you must update the Identity Appliance with the vCloud Automation Center Appliance certificate. For more information, see Update the Identity Appliance with the vCloud Automation Center Appliance Certificate.