Замена SSL сертификата на VMware vCenter Server Appliance (VCSA)

- VCSA web interface http://<vcsa_server>:5480

• prepare your_cert.cer and your_key.key file and copy these files to VCSA server in temporary folder
• create server.pem file:
    cat your_key.key > server.pem
    cat your_cert.crt >> server.pem
• server.pem file should be like this:
    -----BEGIN RSA PRIVATE KEY-----
     <private_key>
    -----END RSA PRIVATE KEY-----
    -----BEGIN CERTIFICATE-----
     <certificate>
    -----END CERTIFICATE-----
• copy and replace our new server.pem file to folder /opt/vmware/etc/lighttpd/server.pem
• restart lighttpd web server:
    /etc/init.d/vami-lighttp stop
    /etc/init.d/vami-lighttp start

- Vmware vCenter service

• prepaire rui.crt and rui.key file
• create rui.pfx. Better way create pfx on VCSA server with this command:
  openssl pkcs12 -export -in rui.crt -inkey rui.key -name rui -passout pass:testpassword -out rui.pfx
• connect to VCSA via SSH and create backup of these files:
  /etc/vmware-vpx/ssl/rui.*
  /usr/lib/vmware-vpx/inventoryservice/ssl/rui.*
• copy and replace yours rui.crt, rui.key and rui.pfx to folders:
  /etc/vmware-vpx/ssl/
  /usr/lib/vmware-vpx/inventoryservice/ssl/
• open file /etc/hosts and add one line in the beginnign of the file:
  <vcsa_ipv4_address> <VCSA_FQDN> <VCSA_host_name>for example:
  192.168.10.15 vcsa.vmware.com vcsa
• load replacement certificates to memory:
• open browser and connect to
  https://<VCSA_FQDN>/mob/?moid=vpxd-securitymanager&vmodl=1
• enter administrators login and password
• click reloadSslCertificate
• Click Invoke Method.
  A message appears on the Web page: Method Invocation Result: void.
• restart VCSA server.
• check that your certificate was installed correctly:
• open browser, connect to https://<VCSA_FQDN> and check that you see correct sertificate.

Another useful links about this theme:
vCenter Server Virtual Appliance – Changing SSL Certs Made Easy
Replacing vCenter Server 5 and ESXi Certificates