How to update vCenter Server certification in Citrix environments


Article ID: CTX584114

Description

Outlines the steps to update the vCenter Server certificate in on-premises and Citrix DaaS (Cloud) environments.


Instructions

The following steps are required on Delivery Controllers (DDCs) in on-premises environments, or on Cloud Connectors (CCs) in Citrix DaaS setups, when a vCenter Server certificate is renewed.

  1. Obtain the new vCenter certificate.
    • Option 1: download the certificate from the vCenter server.
      1. Copy the file rui.crt from the vCenter server to a location accessible on your Delivery Controllers/Cloud Connectors.
      2. On the Delivery Controller/Cloud Connector, navigate to the location of the exported certificate and open the rui.crt file.
    • Option 2: download the certificate using a web browser. 
      Note: if you are using Internet Explorer, depending on your user account, you must right-click on Internet Explorer and choose Run as Administrator to download or install the certificate.
      1. Open your web browser and make a secure web connection to the vCenter server (for example https://server1.domain1.com).
      2. Accept the security warnings.
      3. Click the address bar displaying the certificate error.
      4. Click Certificate is not valid, and then click the Details tab.
      5. Click Export...
      6. Save the exported certificate.
      7. Navigate to the location of the exported certificate and open the .CER file.
    • Option 3: import directly from Internet Explorer running as an administrator.
      1. Open your web browser and make a secure web connection to the vCenter server (for example https://server1.domain1.com).
      2. Accept the security warnings.
      3. Click the address bar displaying the certificate error.
      4. View the certificate.
  2. Install the certificate.
    1. Click Install certificate, select Local Machine, and then click Next.
    2. Select Place all certificates in the following store, and then click Browse. On a later supported version: Select Trusted People and then click OK. Click Next and then click Finish.
  3. Remove the old vCenter certificate from the Certificate Snap-in on all DDCs/CCs.
  4. Take note of the thumbprint of the new certificate (for example, 862C5182B6XXXXXXXXXXXXXXXXXXXXXXXXXXXX).
  5. Update the certificate thumbprint in the database.
    1. On one of the DDCs (or, for DaaS, on a domain-joined machine), start Windows PowerShell with administrator privileges.
      1. NOTE: Do not install the Remote PowerShell SDK on a Citrix Cloud Connector machine. Install it on any domain-joined machine within the same resource location.
    2. Execute the following cmdlets. 
      asnp citrix*
      Get-XdAuthentication # if you use Citrix DaaS
      Get-ChildItem XDHyp:\Connections | Select-Object HypervisorConnectionName
    3. Take note of the HypervisorConnectionName (e.g. MyTestHostConnection).
    4. Execute the following cmdlet and take note of the HypervisorAddress value (e.g. https://vCenterServer/sdk). 
      Get-Item -LiteralPath XDHyp:\Connections\MyTestHostConnection
    5. Update the SslThumbprint value (see Step 4) with the following cmdlet. Please note that the certificate thumbprint must be written in capital letters. 
      $cred = Get-Credential   # prompts for the account used by the hosting connection
      Set-Item -LiteralPath "XDHyp:\Connections\MyTestHostConnection" -Username $cred.username -Securepassword $cred.password -SslThumbprint "862C5182B6XXXXXXXXXXXXXXXXXXXXXXXXXXXX" -hypervisorAddress "https://vCenterServer/sdk"
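
A check to run before step 5, as an added example that is not part of the Citrix article: it confirms that the certificate file copied from the vCenter server, the certificate the server presents on the wire and the Local Machine Trusted People store all agree on the thumbprint to be pinned. The function names and the file path are assumptions; the host name is the article's example.

```powershell
# Added example: names, path and port below are assumptions, not Citrix-supplied values.
function ConvertTo-PinnedThumbprint {
    param([Parameter(Mandatory)][string]$Thumbprint)
    # Drop spaces, colons and invisible characters picked up when copying from the
    # certificate dialog, then upper-case as step 5 requires.
    $clean = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($clean.Length -ne 40) {
        throw "Expected a 40-character SHA-1 thumbprint, got $($clean.Length) characters."
    }
    $clean
}

function Get-PresentedCertificate {
    param([Parameter(Mandatory)][string]$HostName, [int]$Port = 443)
    $tcp = [System.Net.Sockets.TcpClient]::new($HostName, $Port)
    try {
        # The callback accepts any certificate only so it can be read for comparison;
        # nothing is installed or trusted by this function.
        $accept = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false, $accept)
        $ssl.AuthenticateAsClient($HostName)
        [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
    }
    finally { $tcp.Dispose() }
}

function Test-VCenterPin {
    param([Parameter(Mandatory)][string]$CertFile, [Parameter(Mandatory)][string]$HostName)
    $fromFile = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($CertFile)
    $pin  = ConvertTo-PinnedThumbprint $fromFile.Thumbprint
    $live = ConvertTo-PinnedThumbprint (Get-PresentedCertificate -HostName $HostName).Thumbprint
    [pscustomobject]@{
        Thumbprint        = $pin                       # value to pass to -SslThumbprint
        MatchesLiveServer = ($live -eq $pin)           # file and wire certificate agree
        InTrustedPeople   = Test-Path -LiteralPath "Cert:\LocalMachine\TrustedPeople\$pin"
        NotAfter          = $fromFile.NotAfter
        Expired           = ($fromFile.NotAfter -lt (Get-Date))
    }
}

# Path is an assumed copy location for rui.crt; the host name is the article's example.
Test-VCenterPin -CertFile 'C:\Temp\rui.crt' -HostName 'server1.domain1.com'
```

Continue with Set-Item only when MatchesLiveServer and InTrustedPeople are both True and Expired is False; a mismatch means the certificate accepted in the browser is not the one exported from the vCenter server.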

Environment

The above mentioned sample code is provided to you as is with no representations, warranties or conditions of any kind. You may use, modify and distribute it at your own risk. CITRIX DISCLAIMS ALL WARRANTIES WHATSOEVER, EXPRESS, IMPLIED, WRITTEN, ORAL OR STATUTORY, INCLUDING WITHOUT LIMITATION WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NONINFRINGEMENT. Without limiting the generality of the foregoing, you acknowledge and agree that (a) the sample code may exhibit errors, design flaws or other problems, possibly resulting in loss of data or damage to property; (b) it may not be possible to make the sample code fully functional; and (c) Citrix may, without notice or liability to you, cease to make available the current version and/or any future versions of the sample code. In no event should the code be used to support ultra-hazardous activities, including but not limited to life support or blasting activities. NEITHER CITRIX NOR ITS AFFILIATES OR AGENTS WILL BE LIABLE, UNDER BREACH OF CONTRACT OR ANY OTHER THEORY OF LIABILITY, FOR ANY DAMAGES WHATSOEVER ARISING FROM USE OF THE SAMPLE CODE, INCLUDING WITHOUT LIMITATION DIRECT, SPECIAL, INCIDENTAL, PUNITIVE, CONSEQUENTIAL OR OTHER DAMAGES, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Although the copyright in the code belongs to Citrix, any distribution of the sample code should include only your own standard copyright attribution, and not that of Citrix. You agree to indemnify and defend Citrix against any and all claims arising from your use, modification or distribution of the sample code.