VMware announced a new tool on 4/4/2013 that aims to help with the certificate deployments in vSphere 5.1, you can read the notes on the product below and download the vCenter Certicate Automation Tool here.
From the Installation Document:
VMware is announcing the release of the vCenter Certificate Tool 1.0. This tool will help customers’ update the certificates needed for running vCenter Server and supporting components. This is mostly for customers who use custom certificates either generated internally from Corporate CAs or from public CA’s like VeriSign.
Various components within vSphere and vCenter platform use certificates for identifying themselves as well as for secure communication with external software entities (browsers, API clients). These can broadly be classified into the following categories:
a) STS Certificate – Certificate used by vCenter Single Sign On (SSO) for encryption the SAML 2.0 tokensb) Solution User Certificates – Certificates used by each solution to identify themselves as users to SSOc) SSL Certificates – certificates needed for SSL communication for the UI and API layerd) Host Certificates – These certificates are deployed in each ESXi host and used for secure vCenter to ESXi communication.
The certificate tool automates the update of certificates in the management layer only (a, b, c above). This tool does NOT handle replacement of certificates in ESXi hosts.
The vCenter Cert Tool aims to automate the process of uploading certificates and restarting the following components within the vCenter platform:
1. vCenter Server2. vCenter Single Sign On3. vCenter Inventory Service4. vSphere Web Client5. vCenter Log Browser6. VMware Update Manager (VUM)7. vCenter Orchestrator (VCO)
