How to manage certificates in GUI in vSphere 7

vCenter Server 7.0 has done some interesting things to help make certificate management easier. To start, the solution certificates are deprecated, being replaced under the hood with a less complex but equally secure method of connecting other products like vRealize Operations, vRealize Log Insight, etc. 

  • Login to vCenter 
  • Go to → Menu → Administration → Certificate Management
  • From here we can perform those activities on certificates:
    • Renew
    • Import and Replace Certificate
    • Generate Certificate Signing Request (CSR)


  • Click RENEW
  • The process will run in the background
  • VC will be restarted automatically


There are three options:

  1. Replace with VMCA certificate
  2. Replace with external CA certificate where CSE is generated from vCenter Server (private key embedded) (this option changed with Update 2)
  3. Replace with external CA certificate (require a private key)
  • Once you chose the option, click next and fill out the form

  • Once happy with the choice, click REPLACE
  • VC will restart automatically


  • Fill out the form and click NEXT
  • Copy or download the CSR to provide it to your Certificate Authority to be signed

Visit my FB page:

Subscribe to my YouTube channel:

Please leave the comment