New fling: SDDC Certificate Tool

VMware has released a new fling: SDDC Certificate Tool.

Summary: Replacing SSL certificates across VMware products is a manual and time-consuming process. The SDDC Certificate Tool automates this workflow and makes it easy to keep certificates across your SDDC up to date. It will replace all certificates in the supported products and reestablish trust between the components.

Supported Products:

  • VMware Platform Services Controller (PSC)
  • VMware vCenter Server (VC)
  • VMware NSX for vSphere (NSX)
  • vRealize Log Insight (vRLI)
  • vRealize Operations Manager (vROps)
  • vRealize Automation (vRA)
  • vRealize Business for Cloud (vRB)

More about this Fling: New SDDC Certificate Replacement Fling by William Lam

Requirements:

  • PhotonOS or Linux running Java 1.8+
  • Certificate Files in x509 format (.cer)
  • Certificate Chain in x509 format (.cer)

Supported VMware products:

| Product | Minimum Version | Maximum Version |
| --- | --- | --- |
| VMware Platform Services Controller (PSC) | 6.0 U2 | 6.7 |
| VMware vCenter Server (VC) | 6.0 U2 | 6.7 |
| VMware NSX for vSphere (NSX) | 6.2.4 | 6.4.1 |
| vRealize Log Insight (vRLI) | 3.6 | 4.6 |
| vRealize Operations Manager (vROps) | 6.3 | 6.7 |
| vRealize Automation (vRA) | 7.4 | 7.4 |
| vRealize Business for Cloud (vRB) | 7.1 | 7.4 |

Instructions: Simple Workflow

Note: See PDF for detailed instructions. This workflow applies only if you already have signed certificates that you want to replace on VMware components.

      1. Copy signed certificates, private keys, and the certificate authority chain from your Certificate Signing Authority to a Linux server. A private folder is recommended to safeguard the private keys.
      2. Download and extract the SDDC Certificate Tool to the /opt/vmware/cert-mgmt/ folder.
      3. Follow a configuration template and edit it to match your environment. Follow the examples at /opt/vmware/cert-mgmt/config and the Configuration File section for a detailed look.
      4. Run the Certificate Replacement command:

```
java -jar lib/certreplace-*.jar -c config/config.json -replacecert -passwordEntry
```

Download the PDF for more detailed instructions.
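A pre-flight check for the private-folder recommendation in step 1, as an added example (not part of the SDDC Certificate Tool or the original post): it flags a staging folder, or any PEM private key inside it, that is accessible to group or other. The function names and the example path are assumptions, and it expects PEM-encoded keys and a Linux `stat`.

```sh
#!/bin/sh
# Added example: audit the folder holding signed certificates and private keys
# before running the replacement command. Names and paths are hypothetical.

# Succeeds when octal mode $1 grants no permission bits to group or other.
is_private_mode() {
    [ $(( 0$1 & 077 )) -eq 0 ]
}

# List files under $1 that contain a PEM private key header
# (PKCS#8, encrypted PKCS#8, or legacy RSA/EC/DSA forms).
find_key_files() {
    grep -rlE -e '-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' "$1" 2>/dev/null
}

# Print one FAIL line per problem found in staging folder $1.
staging_findings() {
    if [ ! -d "$1" ]; then
        echo "FAIL: $1 is not a directory"
        return 0
    fi
    if ! is_private_mode "$(stat -c '%a' "$1")"; then
        echo "FAIL: folder $1 is accessible to group/other (want 700)"
    fi
    find_key_files "$1" | while IFS= read -r keyfile; do
        if ! is_private_mode "$(stat -c '%a' "$keyfile")"; then
            echo "FAIL: private key $keyfile is accessible to group/other (want 600)"
        fi
    done
}

# Return 0 when the folder passes, 1 otherwise; findings go to stdout.
audit_staging() {
    findings=$(staging_findings "$1")
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    echo "OK: $1 and its private keys are owner-only"
}

# Run the audit when a folder is given, e.g.: sh audit.sh /root/certs
if [ "$#" -gt 0 ]; then
    audit_staging "$1"
fi
```

A non-zero exit status makes it easy to gate the replacement command on the audit in a wrapper script.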