We’d like to inform everyone of some excellent documentation and videos that were recently put together by some smart folks over at VMware. The following links provide details around the new vSphere Certificate Manager Utility, which is a huge step forward in terms of certificate management, as well as knowledgebase articles (with embedded videos!) that provide step-by-step guidance for each of the components.
Master SSL KB Article:
Implementing CA signed SSL certificates in vSphere 6.0 (2111219)
Note: This article is packed with information regarding VECs and the VMCA, in addition to the actual replacement process and what is supported with this release. I’d advise everyone giving it a review to familiarize yourself with the new architecture!
Creating the proper templates:
Creating a Microsoft Certificate Authority Template for SSL certificate creation in vSphere 6.0 (2112009)
Replacing Certificates without the VMCA:
Replacing a vSphere 6.0 Machine SSL certificate with a Custom Certificate Authority Signed Certificate (2112277)
Replacing the vSphere 6.0 Solution Users certificates with a Custom Certificate Authority signed certificates (2112278)
Replacing Certificates with the VMCA as a subordinate:
Configuring vSphere 6.0 VMware Certificate Authority as a subordinate Certificate Authority (2112016)