Technical blog: January 2023

Replace vCenter 7.0 Machine Certificate with Internal SSL certificate using vCenter Web Console

How to replace machine certificate with Internal SSL certificate using vCenter web console

This article is to replace Machine SSL certificate of vCenter 7.0

Open PowerShell and run below command, you need to replace with your vCenter FQDN

Get-Certificate -Template WebServerCustom -SubjectName "CN =DEMOVCSA.vsphere.com,OU = International SOS,O = Int,L = Sin,S = SG,C = SG" -DnsName DEMOVCSA.vsphere.com, DEMOVCSA -CertStoreLocation cert:\LocalMachine\My

MMC-> this computer -> Certificate

Expand the personal certificate folder -> you will see Certificates with the same name have already been created.

Export ->

Make sure you have selected Export all extended properties

Enter the password

Go to the path where you have exported .pfx file

Now open Win32 OpenSSL command prompt with Administrator privilege

Run Below command after replacing file name

openssl pkcs12 -in C:\Certificate\server\DEMOVCSA.pfx -nocerts -out C:\Certificate\server\DEMOVCSA.key.pem -nodes

Password: Temp@123

openssl pkcs12 -in C:\Certificate\server\DEMOVCSA.pfx -nokeys -out C:\Certificate\server\DEMOVCSA.pem

Now two files will export at given path -> C:\Certificate\server\

DEMOVCSA.key.pem

DEMOVCSA.pem

Now login to vCenter with global permission account

Click on Menu -> Administrator

Under Certificate click Certificate Management

Now go to Machine_Cert -> Actions

Click Import and Replace Certificate

Select Relace with external CA Certificates Private Key

Click Next

Open VCSADEMO.Pem file in notepad from C:\Certificate\server\

Copy -----BEGIN CERTIFICATE----- to -----END CERTIFICATE----- and paste

Copy second Key and paste in

Now open another file sin1vsyvvc001.key in Notepad and paste it in

Then click Replace

Now you will see the message certificate import completed successfully and you will be asked to re-login

It will take some time in bringing up the service

Once the service is up you need to open the vCenter web console and from there you can see certificate status, now it should show a trusted certificate.

vCenter Server upgrade from 7.0U3 to 8.0 step by step

Step by step to upgrade vCenter 7.0U3 to vCenter 8.0

Download VMware-VCSA-all-8.0.0-20920323.iso file

Mount it to any Jump host from where existing vCenter and ESXI host is reachable.

Go to E:\vcsa-ui-installer\win32

And Launch Installer.exe

Click on Upgrade

Click Next

Accept license and click Next

Enter Source vCenter details

HTTPS port 443

SSO User name

SSO Password

Appliance root password

Enter ESXI host details that manage the existing vCenter

Click Next

Click Yes to accept the Certificate

Enter target ESXI host details where you want to deploy new vCenter

In my case I am deploying new vCenter on same ESXI host where my existing vCenter is deployed

Click Yes to accept certificate

Give the VM name (New vCenter inventory Name)

Select Deployment size as per infra setup.

Click Next

Select the datastore and Enable Thin disk mode

Click next

Enter temporary IP address, Subnet and Gateway

Click Next

Click finish to start deployment

Stage 1 has started; once stage 1 will complete stage 2 will start

Stage 1 has completed; now click continue to start stage 2

Click next

Pre-upgrade checks are in progress

During pre-upgrade check if anything will not match it will throw error here and you need to fix it before process it forward.

In my case it is just giving warning that can be easily ignore.

Select the upgrade data -> Next

Click Next

Check mark on I have backed up the source vCenter server and click Finish

Click OK

Now Stage 2: Data transfer has started and final setup is in progress.

Now existing vCenter has powered off and final configuration has started

Now importing copied data to target vCenter server.

Final data migration completed.

Click on vCenter Server getting started page: link to launch the console

Veeam backup & Replication 11 installation | Repository add |vCenter Add in Veeam Backup

Download the setup file

Double click on setup.exe

Click Install

Note-: If you want to install these component standalone then click standalone components

Click Ok to install prerequisites in case you have not already installed.

Post installation prerequisites it will prompt for reboot.

Accept the license term and condition.

Browse license file -> Next

Select the product and change the installation path

Install the minimum requirements

Enabling missing features

Now prerequisites have been installed

Assign Write cache folder and Guest catalog folder path to different drive like below

V:\programData\Veeam\backup\folder name where you have to keep

V:\VBRCatalog

Write cache path will be used when you will perform VM recovery.

Use the service account

By default Veeam will install express edition on this machine if you want to choose existing then change the option and give the database server name.

If you are using express edition then size will be 10GB so if you are planning to take Exchange or SharePoint backup then always plan to use Enterprise or standard edition.