Implementing CA signed SSL certificates with vSphere 5.x – Part 4 – VUM and vCO/vRO


In the previous post, we discussed the replacement of SSL certificates in the vCenter Server Appliance. Following our planning, next on the list is the vSphere Update Manager and the vCenter Orchestrator Appliance.

vSphere Update Manager

Our guide is “Configuring CA signed SSL certificates for vSphere Update Manager in vCenter Server 5.1 and 5.5 (2037581)”.

One important note from this KB: “You can replace only the SSL certificates that Update Manager uses for communication between the Update Manager server and client components. You cannot replace the SSL certificates that Update Manager uses on port 9087 when importing offline bundles or upgrade release files.”

KB 2037581 resumes at the point where we ended in Part 2, after we created the required SSL certificates.


  • Assuming the VUM is a VM, create a snapshot before you start working.
  • If you haven’t already done this, import the root certificate Root64.cer into the “Trusted Root Certification Authorities” Windows certificate store. This ensures that the certificate server is trusted from now on.
    Figure 1
  • Back up the current certificates, which are located in the C:\Program Files (x86)\VMware\Infrastructure\Update Manager\SSL directory.
    Figure 2
  • Copy the new certificate files to this directory, replacing the current ones. If you are following my blog posts, the certificates are located in C:\certs\UpdateManager.
  • Stop the vSphere Update Manager Service and the vSphere Update Manager UFA services from the services control manager.
  • Launch the exe application, located in C:\Program Files (x86)\VMware\Infrastructure\Update Manager.
    When using the vCSA, the VUM is always a separate server, so use the IP address or hostname of the vCSA. Use the credentials that Update Manager uses to connect to the vCSA.
    Figure 3
  • Click the SSL Certificate link.
  • Select the “Followed and verified the steps” option.
  • Click Apply.
    Figure 4
  • Click OK when prompted with the message “Restart the VMware vSphere Update Manager service to apply the setting”.
  • Restart the vSphere Update Manager Service and the vSphere Update Manager UFA services.
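
The backup, service-stop and copy steps above can be scripted with a pre-flight check that the new certificate actually chains to the imported root. This is an added example, not part of the KB or the original post. It assumes PowerShell 4.0 or later in an elevated session, that the certificate files use a .crt extension, and that both service display names contain "Update Manager"; the backup folder name is constructed.

```powershell
# Added example: paths are the ones used in this post; adjust if VUM is installed elsewhere.
$ErrorActionPreference = 'Stop'
$sslDir = 'C:\Program Files (x86)\VMware\Infrastructure\Update Manager\SSL'
$newDir = 'C:\certs\UpdateManager'
# Constructed backup location. It will hold the old private key, so keep its ACL tight.
$backup = "C:\certs\UpdateManager-backup-$(Get-Date -Format 'yyyyMMdd-HHmmss')"

# 1. Validate every new certificate before touching the live files.
#    Assumption: certificate files carry a .crt extension.
foreach ($file in Get-ChildItem -Path $newDir -Filter '*.crt') {
    $cert  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $file.FullName
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # Revocation checking is skipped here; enable it if the CA's CRL is reachable.
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    if (-not $chain.Build($cert)) {
        # Fails if the root is missing from Trusted Root Certification Authorities
        # or the certificate is outside its validity period.
        $reasons = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
        throw "$($file.Name) failed chain validation: $reasons"
    }
    Write-Host "$($file.Name): $($cert.Subject), valid until $($cert.NotAfter)"
}

# 2. Back up the current certificates.
Copy-Item -Path $sslDir -Destination $backup -Recurse
Write-Host "Backup written to $backup"

# 3. Stop both Update Manager services.
#    Assumption: their display names contain 'Update Manager'.
$services = Get-Service -DisplayName '*Update Manager*'
$services | Stop-Service -Force

# 4. Copy the new files over the old ones and confirm each copy by hash.
foreach ($file in Get-ChildItem -Path $newDir -File) {
    $target = Join-Path $sslDir $file.Name
    Copy-Item -Path $file.FullName -Destination $target -Force
    $src = (Get-FileHash -Path $file.FullName -Algorithm SHA256).Hash
    $dst = (Get-FileHash -Path $target -Algorithm SHA256).Hash
    if ($src -ne $dst) { throw "Hash mismatch after copying $($file.Name)" }
}

# The services stay stopped so the utility step can be run next.
$services | ForEach-Object { $_.Refresh(); Write-Host "$($_.DisplayName): $($_.Status)" }
```

The script deliberately leaves the services stopped; continue with the utility step and restart them afterwards as described in the list.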
