After the certificate for the single sign-on server is updated, the system administrator updates the IaaS component registry on all IaaS component machines with the new virtual appliance certificate information. This process reestablishes trusted communications between the virtual appliance and IaaS components.

Run this procedure once from the Model Manager Data machine to update the database. All IaaS servers are updated from the database.

A single sign-on server can be the Identity Appliance or a supported version of vSphere SSO.


Open a command prompt as an administrator on the Model Manager Data machine.


Type the following commands to download the root certificates from the single sign-on server into the local operating system trusted certificate store. Pkcs7CertPath represents the path to the SSO root certificate.

Vcac-Config.exe DownloadRootCertificates --Pkcs7CertPath "C:\Program Files (x86)\VMware\vCAC\Web API\SSO.p7b" -v

Vcac-Config.exe DownloadRootCertificates --Pkcs7CertPath "C:\Program Files (x86)\VMware\vCAC\Server\Website\SSO.p7b" -v


Type iisreset to reset IIS.
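
To confirm that the download succeeded, the following PowerShell check (an added example, not part of the original procedure or of VMware's tooling) loads each SSO.p7b file and reports whether every certificate in it is present in the machine's trusted root store and still within its validity period. It assumes the store in question is Cert:\LocalMachine\Root; the file paths are the ones used in the commands above.

```powershell
# Added verification example; not part of the product documentation.
# Assumption: the "local operating system trusted certificate store" is
# Cert:\LocalMachine\Root. Change $storePath if your deployment differs.
$storePath = 'Cert:\LocalMachine\Root'

# The two SSO.p7b paths passed to Vcac-Config.exe in the procedure.
$p7bPaths = @(
    'C:\Program Files (x86)\VMware\vCAC\Web API\SSO.p7b',
    'C:\Program Files (x86)\VMware\vCAC\Server\Website\SSO.p7b'
)

# Index the trusted store by thumbprint for lookup.
$trusted = @{}
Get-ChildItem -Path $storePath | ForEach-Object { $trusted[$_.Thumbprint] = $true }

$results = foreach ($path in $p7bPaths) {
    if (-not (Test-Path -LiteralPath $path)) {
        [pscustomobject]@{ File = $path; Subject = $null; Thumbprint = $null;
                           NotAfter = $null; Status = 'FileMissing' }
        continue
    }

    # A PKCS#7 bundle can hold several certificates; Import() loads them all.
    $bundle = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection
    $bundle.Import($path)

    foreach ($cert in $bundle) {
        $status = 'Trusted'
        if ($cert.NotAfter -lt (Get-Date)) { $status = 'Expired' }
        if (-not $trusted.ContainsKey($cert.Thumbprint)) { $status = 'NotInStore' }

        [pscustomobject]@{ File = $path; Subject = $cert.Subject;
                           Thumbprint = $cert.Thumbprint;
                           NotAfter = $cert.NotAfter; Status = $status }
    }
}

$results | Format-Table -AutoSize Status, Subject, NotAfter, Thumbprint, File

# Any row that is not 'Trusted' means the trust update is incomplete.
if ($results | Where-Object { $_.Status -ne 'Trusted' }) {
    Write-Warning 'At least one SSO certificate is missing, expired, or not in the trusted store.'
}
```

Run it from the same elevated prompt on the Model Manager Data machine. A FileMissing or NotInStore row indicates that the corresponding DownloadRootCertificates command did not complete.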