VMware VCSA – SSL Certificate Verification Failed


Today, I changed the IP address of my VMware vCenter Server Appliance and was greeted by an "SSL certificate verification failed" error message when I tried to log in to the vSphere web client on the new IP address.

Apparently, the VCSA does not generate a new SSL certificate automatically after you change its IP address and/or hostname.

To generate a new SSL certificate now, and to have the appliance regenerate certificates automatically when needed, follow the steps below:

  1. Log in to your VCSA console (https://vcsa:5480).
  2. Go to the Admin tab, set Certificate regeneration enabled to Yes and Save setting.
    This makes sure a new SSL certificate is generated every time you reboot your VCSA instance.
  3. Last, go to the System tab and Reboot the VCSA instance to get a new certificate generated.
    Note: Rebooting VCSA can take up to 10 minutes.
  4. Once the VCSA is back up and all services are started, you can log in to the vSphere web client. The SSL certificate error should no longer be present.
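To confirm that the reboot produced a certificate for the new address, compare the certificate's subject alternative names with the IP address or hostname you now connect to. The script below is an added example, not part of the original post; it assumes OpenSSL 1.1.1 or later, and the certificates, the `vcsa.example.test` name and the 192.0.2.x addresses are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: constructed certificates and documentation-range addresses.

# Return 0 if the PEM certificate in $1 is valid for identity $2
# (an IPv4 address or a DNS name), 1 otherwise.
cert_covers() {
    cert=$1
    id=$2
    case $id in
        *[!0-9.]*) flag=-checkhost ;;   # has a non-digit/dot: treat as DNS name
        *)         flag=-checkip ;;     # IPv4 literal
    esac
    # openssl prints "... does match certificate" or "... does NOT match ..."
    openssl x509 -in "$cert" -noout "$flag" "$id" |
        grep -q 'does match certificate'
}

# Create a self-signed certificate at $1 whose SAN is $2 (e.g. IP:192.0.2.10).
make_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -keyout "$1.key" -out "$1" -subj "/CN=vcsa-demo" \
        -addext "subjectAltName=$2" 2>/dev/null
}

# Against a live appliance (hypothetical name), save the presented cert first:
#   openssl s_client -connect vcsa.example.test:443 </dev/null 2>/dev/null |
#       openssl x509 -out live.pem
#   cert_covers live.pem vcsa.example.test && echo "certificate matches"

demo() {
    dir=$(mktemp -d) || return 1
    make_cert "$dir/before.pem" "IP:192.0.2.10"   # issued for the old address
    make_cert "$dir/after.pem"  "IP:192.0.2.20"   # regenerated after the change
    for c in before after; do
        if cert_covers "$dir/$c.pem" 192.0.2.20; then
            echo "$c.pem: matches 192.0.2.20"
        else
            echo "$c.pem: does NOT match 192.0.2.20"
        fi
    done
    rm -rf "$dir"
}
demo
```

The "before" certificate fails the check for the new address, which is the mismatch the web client reports; the same function accepts a hostname when the appliance is reached by name.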




3 Comments

  1. Good clear explanation!

    Note you should be using FQDN for certificates, not IP address. I appreciate that this is a test setup. All Trusted Third Party CA will not issue IP address based certs from November 2015. So really don't use IP address for production.

  2. Be careful, if you have certs from a CA (internal or external) using that checkmark will remove all customized certs as well. In such a case you should replace certificates only via the normal replace procedure.
