VCDA – Certificate Replacement with XCA

VCDA
  • On-Premises to Cloud vCenter Replication Appliance (VC to VC, no VCD in the mix)
  • In a non-Microsoft CA environment (home lab), “XCA – X Certificate and Key Management” is used as a portable Windows app to mint root and application certificates.
    https://github.com/chris2511/xca
  • Ensure you take a backup before the change. You can also shut down the VM, snapshot, power on.
  • You can find the old certificate, as another rollback option, in /opt/vmware/h4/manager/config and NOT at /opt/vmware/h4/serviceType/config/keystore.p12.bak as listed in the manual.
  1. Log in to the VCDA /ui/admin website
  2. Configuration / Settings / Appliance settings / Certificate / Import
  3. Choose the site-a-vcda.my.lab.pfx file and enter the same password used to create the export.
  4. Click apply and you will be kicked out to the login screen.
  • The homepage will show
    vSphere plugin – Status: OUTDATED
    Replicator Services – Degradated functionality (2)
  • Clicking “more” shows “Local Replicator Services (1)” as offline for the node itself and “Remote Replicator Services (1)” showing the pair site as offline.
  • The vCenter plugin will show “no healthy upstream”
  • The pair VCDA will report “Certificate differs from the expected one.” for the VCDA node we just replaced the cert on.
  • Once all is validated (I like to reboot the VM), delete the VM snapshot if taken.
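
A pre-import check for the PFX chosen in step 3, as an added example that is not part of the original post: it confirms the file opens with the export password, the private key matches the certificate, the certificate has not expired and covers the appliance FQDN, then prints the SHA-256 fingerprint for comparison with what the pair site later sees. It assumes the `openssl` CLI is available; the `check_pfx` function and the `PFX_PASS` variable are names made up for this example.

```sh
#!/bin/sh
# Added example: sanity-check a PFX exported from XCA before importing it.
# The export password is read from the PFX_PASS environment variable so it
# does not appear in the process list (PFX_PASS is a name chosen here).
# Usage: PFX_PASS='...' sh check_pfx.sh site-a-vcda.my.lab.pfx site-a-vcda.my.lab

check_pfx() {
    pfx="$1"; fqdn="$2"; rc=0

    # Leaf certificate only (-clcerts), re-encoded to strip PKCS#12 bag text.
    if ! cert=$(openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -nokeys -clcerts 2>/dev/null \
                | openssl x509 2>/dev/null); then
        echo "FAIL: cannot read a certificate (wrong password or not PKCS#12)"
        return 1
    fi

    # The private key must be present and match the certificate's public key.
    # The key is only piped between openssl processes, never written to disk.
    key_pub=$(openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -nocerts -nodes 2>/dev/null \
              | openssl pkey -pubout 2>/dev/null) || key_pub=""
    crt_pub=$(printf '%s\n' "$cert" | openssl x509 -noout -pubkey)
    if [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]; then
        echo "OK:   private key matches certificate"
    else
        echo "FAIL: private key missing or does not match"; rc=1
    fi

    # -checkend 0 fails only when the certificate has already expired.
    if printf '%s\n' "$cert" | openssl x509 -noout -checkend 0 >/dev/null; then
        echo "OK:   certificate has not expired"
    else
        echo "FAIL: certificate has expired"; rc=1
    fi

    # -checkhost matches subjectAltName DNS entries (CN only if there are none).
    if printf '%s\n' "$cert" | openssl x509 -noout -checkhost "$fqdn" | grep -q "does match"; then
        echo "OK:   certificate covers $fqdn"
    else
        echo "FAIL: certificate does not cover $fqdn"; rc=1
    fi

    fp=$(printf '%s\n' "$cert" | openssl x509 -noout -fingerprint -sha256)
    echo "INFO: SHA-256 fingerprint ${fp#*=}"
    return "$rc"
}

if [ "$#" -ge 2 ]; then check_pfx "$1" "$2"; fi
```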