7 Responses

  1. andreacasini

    I was looking at the doc about Refresh the Security Token Service (STS) Root Certificate but I really don’t understand the instructions… did you investigate the matter?

    I don’t even know if I need it, I used the vSphere Manager Certificate Manager Utility but I don’t see listed the original root ca so I believe I should refresh the STS Root Cert.

  2. vSphere 6.0 Link-O-Rama » Welcome to vSphere-land!

    […] 6: VMware Certificate Authority (VMCA): Design Decisions (Ather Beg’s Useful Thoughts) vSphere 6: Using VMCA as a Subordinate CA (Long White Virtual Clouds) vSphere 6 Certificate Lifecycle Management (MyVirtuaLife.Net) VMware […]

  3. Lars Troen (@larstr)

    This kinda works, but not completely. You will get some problems later, at least I did. Had to change the cert to a self-signed one again:

    C:\Program Files\VMware\vCenter Server\vmcad>certool.exe --selfca --config selfcert.cfg
    Using config file : selfcert.cfg
    Status : Success

    After doing this I was able to use VMware’s built in certificate-manager and I used the same certificate as I did with certool mentioned in this blog.

    I actually followed the steps for “Replace VMCA Root certificate with Custom Signing Certificate and replace all Certificates (Using VMCA as a subordinate CA)” as described in this blog posting:


  4. Bas van den Dikkenberg

    Does it also sign the update services certificate, or do I need to do this manually?

    1. Bas van den Dikkenberg

      If not, how do I generate a new cert for the update services?

