Managing Certificates in VMware Cloud Foundation
You can use the to manage certificates in a instance, including integrating a certificate authority, generating and submitting certificate signing requests (CSR) to a certificate authority, and downloading and installing certificates.
This section provides instructions for using either:
- OpenSSL as a certificate authority, which is a native option in .
- Integrating with Microsoft Active Directory Certificate Services.
- Providing signed certificates from another external Certificate Authority.
You can manage the certificates for the following components.
- VxRail Manager
- Use to manage certificates for the other components.
does not manage certificates for ESXi hosts. By default, ESXi hosts use VMCA-signed certificates, but they can also use external CA-signed certificates. If ESXi hosts are using VMCA-signed certificates, VMCA manages the certificates and certificate rotation. If ESXi hosts are using external certificates, you are responsible for managing the certificates. For more information about external certificates, see Configuring ESXi Hosts with Signed Certificates.
You replace certificates for the following reasons:
- A certificate has expired or is nearing its expiration date.
- A certificate has been revoked by the issuing certificate authority.
- You do not want to use the default VMCA-signed certificates.
- Optionally, when you create a new workload domain.
It is recommended that you replace all certificates after completing the deployment of the management domain. After you create a new VI workload domain, you can replace certificates for the appropriate components as needed.