
Updating SSL certificates for vCenter Single Sign On servers behind a load balancer (2034181)

Details

When a deployment of vCenter Single Sign On server systems is located behind a load balancer, you update the SSL certificates for the Single Sign On nodes the same way as you would update the certificates for nodes that are not behind a load balancer. However, it is not necessary to update the Lookup Service entries for the Security Token Service (STS), SSO Admin, and Group Check services. Instead, you must copy the new certificate files to the vCenter Single Sign On system and update Single Sign On with the new keystore.

Solution

  1. Copy the certificate files (for example, rui.crt, rui.key, and rui.pfx) to the system where vCenter Single Sign On is installed.
  2. Stop the Single Sign On server.
  3. Update Single Sign On with the new keystore using the following command:
    <SSO install directory>\utils\ssocli configure-riat -a configure-ssl --keystore-file file --keystore-password password
  4. Start the Single Sign On server.
Depending on how your load balancing software is configured, you might also be required to update the load balancer's certificate trust store to contain the new certificate. This action enables trusted SSL connections between the load balancer and Single Sign On servers.
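
The following PowerShell check is an added example, not part of the original VMware article: after step 4 it compares the certificate each endpoint actually presents with the new rui.crt by thumbprint. The host names, the port (7444) and the file path are assumed placeholders; substitute the values for your deployment.

```powershell
# Added example. Host names, port and certificate path are placeholders (assumptions).
$NewCertPath = 'C:\certs\rui.crt'   # the certificate copied in step 1
$Endpoints = @(
    @{ Name = 'sso-node-1.example.com'; Port = 7444 },
    @{ Name = 'sso-node-2.example.com'; Port = 7444 },
    @{ Name = 'sso-lb.example.com';     Port = 7444 }   # load balancer address
)

function Get-PresentedCertificate {
    param([string]$HostName, [int]$Port)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($HostName, $Port)
        # Accept whatever is served: the goal is to inspect the certificate, not to trust it.
        $acceptAny = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $acceptAny)
        try {
            $ssl.AuthenticateAsClient($HostName)
            New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        } finally { $ssl.Dispose() }
    } finally { $client.Close() }
}

# Load the new certificate and warn if it is not currently valid.
$expected = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($NewCertPath)
$now = Get-Date
if ($now -lt $expected.NotBefore -or $now -gt $expected.NotAfter) {
    Write-Warning "New certificate is outside its validity period ($($expected.NotBefore) to $($expected.NotAfter))."
}

# One result row per endpoint; connection failures are reported instead of aborting the run.
$results = foreach ($ep in $Endpoints) {
    $label = "$($ep.Name):$($ep.Port)"
    try {
        $served = Get-PresentedCertificate -HostName $ep.Name -Port $ep.Port
        [pscustomobject]@{
            Endpoint = $label; Served = $served.Thumbprint
            MatchesNew = ($served.Thumbprint -eq $expected.Thumbprint)
            NotAfter = $served.NotAfter; Error = $null
        }
    } catch {
        [pscustomobject]@{
            Endpoint = $label; Served = $null; MatchesNew = $false
            NotAfter = $null; Error = $_.Exception.Message
        }
    }
}
$results | Format-Table -AutoSize
```

A load balancer that terminates SSL itself presents its own certificate, so a mismatch on that row is expected; in that case the item to verify is the load balancer's trust store, as described above.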
