To replace the certificate in vRSLCM for a Custom SSL first create a CSR and Private key. Take the CSR to your certificate authority and have them issue a certificate. Ensure that the intended certificate is a X509 PEM base-64 encoded certificate along with an associated unencrypted private key.

Procedure

Rename the newly created certificate to server.crt and the private key to server.key. Use WINSCP to connect to the vRSLCM instance.

Browse to /opt/vmware/vlcm/cert and backup the old server.crt and server.key. Here I appended .bak to them both. Copy both the new certificate file server.crt and server.key to the /opt/vmware/vlcm/cert folder.

Now using putty connect to the vRealize Suite Lifecycle Manager appliance as the root user and restart the vRealize Suite Lifecycle Manager proxy services to update the appliance certificate.

systemctl restart nginx

We can check the status of the system by running

systemctl status nginx

Now browse to the appliance by opening a browser and go to https://applianceip/

We can see the certificate has been replaced correctly as it shows the lock symbol in the address bar and on inspecting the certificate it has the correct details.

As always the official documentation can be found on the VMware Website.