VMware VCSA – SSL Certificate Verification Failed


Today, I changed the IP address of my VMware vCenter Server Appliance and was greeted by an "SSL certificate verification failed" error message after I tried to log in to the vSphere web-client on the new IP address.

Apparently, the VCSA does not regenerate a new SSL certificate automatically after you change the IP address and/or hostname.

To generate a new SSL certificate now, and to have new certificates generated automatically when needed, follow the steps below:

  1. Log in to your VCSA Console (https://vcsa:5480).
  2. Go to the Admin tab, set Certificate regeneration enabled to Yes and Save setting.
    This makes sure a new SSL certificate is generated every time you reboot your VCSA instance.
  3. Last, go to the System tab and Reboot the VCSA instance to get a new certificate generated.
    Note: Rebooting VCSA can take up to 10 minutes.
  4. Once the VCSA is back up and all services are started, you can log in to the vSphere web-client. The SSL certificate error should no longer be present.
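
To confirm from a workstation that the appliance really serves a fresh certificate for the new address, the following added example (not part of the original post, and not VMware tooling) uses the `openssl` command line. It assumes the web client listens on port 443 and that the regenerated certificate names the appliance by IP address or hostname; the function names are hypothetical, and any host or address you pass in is your own.

```shell
#!/bin/sh
# Added example: check which names a served certificate covers.
# Assumes the openssl CLI is installed; function names are hypothetical.

# Save the certificate the server currently presents, as PEM.
# usage: fetch_cert HOST PORT OUTFILE
fetch_cert() {
    openssl s_client -connect "$1:$2" </dev/null 2>/dev/null |
        openssl x509 -outform PEM >"$3"
}

# Print the start of the validity period; after the reboot this should be
# newer than the time you changed the IP address.
# usage: cert_not_before PEMFILE
cert_not_before() {
    openssl x509 -in "$1" -noout -startdate
}

# Print "match" or "mismatch" for NAME against PEMFILE.
# IP literals are checked with -checkip, anything else with -checkhost.
# usage: cert_status PEMFILE NAME
cert_status() {
    cs_flag=-checkip
    case $2 in
        *:*)        cs_flag=-checkip ;;    # IPv6 literal
        *[!0-9.]*)  cs_flag=-checkhost ;;  # contains non-IPv4 characters
    esac
    cs_out=$(openssl x509 -in "$1" -noout "$cs_flag" "$2" 2>/dev/null)
    if printf '%s\n' "$cs_out" | grep -q 'does match'; then
        echo match
    else
        echo mismatch
        return 1
    fi
}

# Stand-alone use: ./check_cert.sh HOST [NAME_TO_CHECK]
if [ "$#" -ge 1 ]; then
    pem=$(mktemp)
    fetch_cert "$1" 443 "$pem"
    cert_not_before "$pem"
    cert_status "$pem" "${2:-$1}"
    rm -f "$pem"
fi
```

A `mismatch` for the new address together with an old `notBefore` date means the appliance is still presenting the certificate issued before the change.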