How To: Replace vCenter Operations Manager Certificates

In the previous blog  post entitled How To: Replace vCenter 5 & VUM Certificates we had replaced out certificates for vCenter and VUM but had only refreshed out vCOPS and View administration portals to connect to the trusted vCenter certificate.

In this post we are going to walk threw the process of replacing the vCenter Operations Manager Certificate, we are assuming that the prerequisites in How To: Replace vCenter 5 & VUM Certificates are in place.

Step 1 – Certificate Request

On an Windows Server 2008 based VM that has rights to request and enroll a certificate from your Internal CA

Click Start > Run > MMC > File > Add/Remove Snap-in

Select Certificates > Add > Computer Account > Next


Expand Personal > Certificates > Right Click > All Tasks > Request New Certificate

vCOPS02Click Next > Select Active Directory Enrollment Policy


Select your Certificate Template (mines called HorizonView) then click on ‘More information is required to enroll for this certificate.  Click here to configure settings’.


Change Subject Name to Common Value and enter the Fully Qualified Domain Name of your vCenter Operations Manager UI VM.  In my case it is and Add this to the certificate request.

Next change the Alternative Name to DNS and enter the NetBIOS name e.g. VMF-VCOPS01 and the Fully Qualified Domain Name e.g. and Add this to the certificate request


Click Next and then Enroll


Once enrolled you will see the new certificate is in your Personal folder


Step 2 – Export Certificate

Well, it’s not much good to us here, so we need to export it.  Right Click the Certificate > All Tasks > Export


Select Yes, export the private key and hit Next


Select Personal Information Exchange – PKCS #12 (.PFX) and hit Next


Enter the password for the Private Key (we will need this later so make sure you remember it)


Choose a destination and name for the exported certificate


If all has gone to plan, hit Finish


Step 3 – Convert .PFX to .PEM

The kicker is that vCenter Operations Manager doesn’t accept .PFX certificates only .PEM so we need to convert it using OpenSSL

Copy the certificate to the C: on your OpenSSL VM and then drop into the CMD and cd to C:OpenSS-Win32bin

The command we need to run is:

openssl pkcs12 -in C:vCPOSCert.pfx -out C:vCOPSCert.pem -nodes

You will be prompted for your password, enter this and your certificate is now in .PEM format


Step 4 – Import Certificate into vCenter Operations Manager

Launch the vCOPS Admin URL e.g. https://vcops01/admin and enter your credentials.

Select the SSL tab and then browse to your certificate location and hit Install


Once done, click o the Status Tab and Restart Application Controls.


If we have been successful, when you browse to your vCOPS URL you should see a Trusted Certificate


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s