Install Third-Party CA-Signed Certificates Using Server Certificate and Certificate Authority Files

VMware Cloud Foundation supports two ways to install third-party certificates. This procedure describes the new method, which is the default method for VMware Cloud Foundation 4.5.1 and later.
If you prefer to use the legacy method for installing third-party CA-signed certificates, see Install Third-Party CA-Signed Certificates in VMware Cloud Foundation Using a Certificate Bundle.
  1. In the navigation pane, click Inventory > Workload Domains.
  2. On the Workload Domains page, from the table, in the domain column click the workload domain you want to view.
  3. On the domain summary page, click the Certificates tab.
  4. Generate CSR files for the target components.
    1. From the table, select the check box for the resource type for which you want to generate a CSR.
    2. Click Generate CSRs.
      The Generate CSRs wizard opens.
    3. On the Details dialog, configure the settings and click Next.
      • Algorithm: Select the key algorithm for the certificate.
      • Key Size: Select the key size (2048 bit, 3072 bit, or 4096 bit) from the drop-down menu.
      • Email: Optionally, enter a contact email address.
      • Organizational Unit: Use this field to differentiate between divisions within your organization with which this certificate is associated.
      • Organization Name: Type the name under which your company is known. The listed organization must be the legal registrant of the domain name in the certificate request.
      • Locality: Type the city or locality where your company is legally registered.
      • State: Type the full name (do not abbreviate) of the state, province, region, or territory where your company is legally registered.
      • Country: Type the country name where your company is legally registered. This value must use the ISO 3166 country code.
    4. (Optional) On the Subject Alternative Name dialog, enter the subject alternative name(s) and click Next.
      You can enter multiple values separated by a comma (,), semicolon (;), or space ( ). For NSX-T, you can enter the subject alternative name for each node along with the Virtual IP (primary) node.
      Wildcard subject alternative names, such as *.example.com, are not recommended.
    5. On the Summary dialog, click Generate CSRs.
  5. Download and save the CSR files by clicking Download CSR.
  6. When the downloads complete, request signed certificates from your third-party Certificate Authority for each .csr.
  7. After you receive the signed certificates, open the SDDC Manager UI and click Upload and Install.
  8. In the Install Signed Certificates dialog box, select the resource for which you want to install a signed certificate.
    The drop-down menu includes all resources for which you have generated and downloaded CSRs.
  9. Select a Source and enter the required information.
    • Paste Text: Copy and paste the:
      • Server Certificate
      • Certificate Authority
      Paste the server certificate and the certificate authority in PEM format (base64-encoded). For example:
        -----BEGIN CERTIFICATE-----
        <certificate content>
        -----END CERTIFICATE-----
      If the Certificate Authority includes intermediate certificates, it should be in the following format:
        -----BEGIN CERTIFICATE-----
        <Intermediate certificate content>
        -----END CERTIFICATE-----
        -----BEGIN CERTIFICATE-----
        <Root certificate content>
        -----END CERTIFICATE-----
    • File Upload: Click Browse to upload the:
      • Server Certificate
      • Certificate Authority
      Files with .crt, .cer, .pem, .p7b, and .p7c extensions are supported.
    • Certificate Chain: Click Browse to upload the certificate chain.
      Files with .crt, .cer, .pem, .p7b, and .p7c extensions are supported.
  10. Click Validate.
    If validation fails, resolve the issues and try again, or click Remove to skip the certificate installation.
  11. To install a signed certificate for another resource, click Add Another and repeat steps 8-10 for each resource.
  12. Once all signed certificates have been validated successfully, click Install.
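
A pre-upload check for the Certificate Authority text described in step 9, as an added example that is not part of the VMware documentation or product: it flags BEGIN/END markers that do not have exactly five dashes and confirms the blocks run intermediate first, self-issued root last. It compares issuer and subject names only and does not verify signatures; `check_ca_text`, `sample_pem` and the sample names are hypothetical, and the sample certificates are constructed skeletons.

```python
import base64
import re

# Strict markers: exactly five dashes on each side of BEGIN/END CERTIFICATE.
PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(?!-)\s*([A-Za-z0-9+/=\s]+?)"
                    r"\s*-----END CERTIFICATE-----(?!-)")

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low bits give the byte count
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def issuer_and_subject(der):
    """Raw issuer and subject Name encodings from a DER certificate."""
    pos = read_tlv(der, read_tlv(der, 0)[1])[1]  # step into Certificate, then tbsCertificate
    fields = []
    while len(fields) < 5:  # serial, sigAlg, issuer, validity, subject
        tag, _, end = read_tlv(der, pos)
        if tag != 0xA0:  # skip the optional [0] version wrapper
            fields.append(der[pos:end])
        pos = end
    return fields[2], fields[4]

def check_ca_text(pem_text):
    """List problems in pasted Certificate Authority text (empty list = OK)."""
    blocks, problems = PEM_RE.findall(pem_text), []
    if pem_text.count("BEGIN CERTIFICATE") != len(blocks):
        problems.append("malformed BEGIN/END marker or body")
    names = [issuer_and_subject(base64.b64decode(b)) for b in blocks]
    for i in range(len(names) - 1):
        if names[i][0] != names[i + 1][1]:
            problems.append(f"certificate {i + 1} is not issued by certificate {i + 2}")
    if not names or names[-1][0] != names[-1][1]:
        problems.append("last certificate is missing or not a self-issued root")
    return problems

def sample_pem(subject, issuer):
    """Constructed skeleton certificate: names only, no key or signature."""
    tlv = lambda tag, body: bytes([tag, len(body)]) + body
    name = lambda cn: tlv(0x30, tlv(0x0C, cn.encode()))
    tbs = tlv(0x02, b"\x01") + tlv(0x30, b"") + name(issuer) + tlv(0x30, b"") + name(subject)
    b64 = base64.b64encode(tlv(0x30, tlv(0x30, tbs))).decode()
    return f"-----BEGIN CERTIFICATE-----\n{b64}\n-----END CERTIFICATE-----\n"

ROOT = sample_pem("Example Root CA", "Example Root CA")
INTERMEDIATE = sample_pem("Example Issuing CA", "Example Root CA")
print(check_ca_text(INTERMEDIATE + ROOT))  # intermediate first, then root
```

An empty list means the text has the expected shape; the Validate step in the dialog remains the authoritative check.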