This is part 6 of a 7 part post on managing vSphere 5 Certificates:

1. Installing a Root Certificate Authority
2. Distributing the root CA certificate to clients
3. Creating the default vCenter 5 Server Certificate and including a DNS alias
4. Replacing the default vCenter 5 Server Certificate
5. Replacing the default vCenter 5 Web Client Server Certificate
6. Replacing the default vCenter 5 Inventory Service Certificate
7. Replacing the default vSphere Update Manager 5 Server Certificate

vCenter Server actually has three different components which need their certificates updated, vCenter Server, vCenter Web Client Server and vCenter 5 Inventory Service. Initially I had only written the vCenter Server certificate steps but luckily Michael Webster (VCDX #66) keeps me on my toes and I’ve now added parts for the other two components.

You should have now created the default vCenter 5 server certificate files, replaced the default vCenter 5 Server certificate, replaced the vCenter 5 Web Client Server certificate and can now go ahead and replace the vCenter 5 Inventory Service Certificate with the same new certificate files you have created.

On the vCenter Server navigate to C:\Program Files\VMware\Infrastructure\Inventory Service\ssl.

Make a backup copy of the SSL folder.

Copy the rui.crt, rui.key and rui.pfx files from C:\OpenSSL-Win64\bin into the into the vCenter Inventory Service SSL folder

Restart the vCenter Inventory Service which will also restart the VMware vSphere Profile-Driven Storage Service.

Part 7 will show you how to replace the default vSphere Update Manager 5 Server certificate.