Replacing vSphere 6.0 certificates using VMCA as a Subordinate CA In vSphere 6.0 the VMCA (VMware Certificate Authority) was introduced. This is basically vSphere’s own CA and it’s purpose is to simplify certificate generation and implementation in vSphere, in conjunction with VECS (VMware Endpoint Certificate Store) While I do agree it does simplify the whole process, it’s not without its limitations and known issues. Hopefully this guide will help you avoid those pitfalls. Firstly let me explain the small lab environment I will use. · I have a Root CA on my domain controller ( dc.domain.com ) · I have an Intermediate CA ( interca.domain.com ) · I have a Platform Services Controller 6.0 U2 Appliance ( psc.domain.com ) · I have a vCenter Server 6.0 U2 Appliance ( vc.domain.com ) Create the Certificate Templates In this guide we are using a Microsoft Certificate Authority. Review https://kb.vmware.com/kb/2112009 and perf