Channel: VMware Communities : Discussion List - vCenter™ Server

replace SSL certificates with AutoDeploy (vCenter 5.1)

I'm trying to replace all certs used by vCenter 5.1 and have so far succeeded using the predeployment method stated in Derek's blog here. However, this link, and the corresponding VMware (threadbare) documentation for SSL certificate replacement do not address ESXi Dump Collector, Syslog Collector, Auto Deploy, and Authentication Proxy.

 

The only documentation I can find is in vCenter Setup guide page 76:

---

You can use your own Certificate Authority (CA) by replacing the OpenSSL certificate (rbdca.crt) and the OpenSSL private key (rbd-ca.key) with your own certificate and key file.

On Windows, the files are in the SSL subfolder of the Auto Deploy installation directory. For example, on Windows 7 the default is c:\ProgramData\VMware\VMware Auto Deploy\ssl.

---

 

My question is why does Auto Deploy need the CA certificate and private key in addition to the standard rui.crt and rui.key for SSL usage?

 

Also, what are the requirements for these certificates and for the other vCenter add-ons (Syslog Collector, etc.)? Can the same certificate/key used by vCenter be used here for these applications since they reside on the same server as vCenter?

 

As noted in Derek's blog, the certificates used by Inventory Service, Update Manager, vCenter Server, SSO, and the Web client must all contain unique OU= fields, but do those restrictions apply to these modules as well?

 

-Ed

