Certificate Auto Renewal VMware Cloud Foundation 9

Posted by Stephan McTighe on 25 Aug 2025

Certificate management is a critical aspect of maintaining an IT infrastructure. Traditionally, it can be a time-consuming process involving multiple requests, team handoffs, and access to different endpoints and procedures.

In VMware Cloud Foundation (VCF) 9, a new feature makes this job much easier: automatic certificate renewal. This enhancement can significantly reduce the time and effort required to manage certificate lifecycles.

The official TechDocs article covers the configuration and also details the auto-renewal period: 60 days before expiry.

Let’s get into configuring this.

In the VCF Operations UI, navigate to Fleet Management → Certificates.

You’ll now see the new certificate management view. In the top-right corner, click Configure CA.

Note: Not all components currently support auto-renewal, but many do.

We then need to supply the CA certificate URL, the credentials and the name of the template, which you should have already configured. You can find details about the CA infrastructure requirements, template and service accounts here.

Once done you will get a success message.

Now that we have our CA configured in VCF Operations, we need to enable auto renewal in two places: one for VCF Management components and one for VCF instance components. Not every component supports automatic certificate renewal, but most do.

Let's start with the VCF Management components. In the top right we have an option to enable auto renewal.

You will then be prompted with the following; confirm to proceed.

You will then see that it is activated for the components that support it. I don’t have everything deployed in my lab at the time of writing so a number of components are missing.

Now we repeat the same steps but for the VCF instance components.

Notice you have the option to show the ESX hosts at the instance level.

And there we have it. Your VMware Cloud Foundation certificates will now auto renew 60 days before the existing certificate expiry, saving you a significant amount of time and effort!
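To confirm that renewals are actually happening, the following added example (not from the original post or from VMware tooling) checks certificate expiry dates against the 60-day window and separates components with auto renewal enabled from those that still need manual renewal. The hostnames, dates and inventory layout are constructed assumptions, and `fetch_not_after` assumes the issuing CA is trusted by the machine running the check.

```python
import socket
import ssl
from datetime import datetime, timedelta, timezone

RENEWAL_WINDOW = timedelta(days=60)  # renewal lead time stated in the post

def fetch_not_after(host, port=443, timeout=5):
    """Return notAfter of the certificate a live endpoint presents (needs network)."""
    ctx = ssl.create_default_context()  # chain and hostname are verified
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()["notAfter"]

def classify(not_after, auto_renew, now):
    """Classify one certificate against the 60-day renewal window."""
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), tz=timezone.utc)
    remaining = expires - now
    if remaining <= timedelta(0):
        return "EXPIRED"
    if remaining > RENEWAL_WINDOW:
        return "OK"
    # Inside the window: an auto-renewing component should already hold a new cert.
    return "RENEWAL_OVERDUE" if auto_renew else "MANUAL_RENEWAL_DUE"

def audit(inventory, now=None):
    """Return {host: status} for every entry that needs attention."""
    now = now or datetime.now(timezone.utc)
    results = {h: classify(na, auto, now) for h, na, auto in inventory}
    return {h: s for h, s in results.items() if s != "OK"}

# Constructed sample inventory: (hostname, notAfter, auto-renewal enabled).
# Hostnames and dates are made up; in practice notAfter comes from fetch_not_after().
SAMPLE = [
    ("vcenter.lab.example", "Mar  1 00:00:00 2026 GMT", True),
    ("nsx.lab.example", "Oct 10 12:00:00 2025 GMT", True),
    ("esx01.lab.example", "Oct 25 00:00:00 2025 GMT", False),
    ("ops.lab.example", "Aug 20 00:00:00 2025 GMT", True),
]

if __name__ == "__main__":
    fixed_now = datetime(2025, 9, 1, tzinfo=timezone.utc)  # fixed so output is repeatable
    for host, status in audit(SAMPLE, fixed_now).items():
        print(f"{host}: {status}")
```

The post does not say how often the renewal job runs, so allow a short grace period before alerting on `RENEWAL_OVERDUE`.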

Hope this helps!

As always, thanks for reading!

If you like my content, consider following me on Twitter so you don’t miss out!