Tuesday, 1 April 2014

vCAC 5.2/6.0 Certificate checking - Error "The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel"

During a recent, somewhat challenging installation I had a situation where I needed to front both vCAC web servers with a CA-signed certificate issued by the customer's own CA, and keep the rest of the certificates self-signed.

This was simple in theory: just replace the certificates on the web servers.

We generated certificate requests from both web servers and submitted them to the CA. Once I had the certificates, they were installed on the vCAC web servers and I changed the IIS bindings for port 443. I then placed both new certificates on the Manager Service (MGMT) servers and restarted the services. The MGMT service failed to start with the following error:

"The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel"  

I then looked through the vCAC documentation and found that I needed the following on each machine:

1. The intermediate CA certificate
2. The root CA certificate for the domain

I pushed these to all the machines via Group Policy and tried to start the service again. The MGMT service still failed.

I then dug into the vCAC code, as I thought something must be going on that was not apparent. I found that every component validates the web servers' certificates with the standard .NET checks: the certificate must chain to a CA the machine trusts, and its subject name must match the host name the component connected with. The second check is not documented clearly (if at all), so it was a bit of a find, and it is the one that was still failing here: the CA certificates satisfied the chain check, but the names on the new certificates did not match the name the Manager Service uses to reach the web servers (the fix below turns off exactly that check). I then looked at how to get around it. Those of you who have installed vCAC many times will recall there is an option to "Suppress certificate mismatch" when you install some of the site components.

This option turns off the subject-name check (and the CRL lookup) for that component; it does not turn off chain validation. There is no such option when installing many of the other components, so this is how you add the same setting by hand.
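Before editing any config file it is worth knowing which of the two checks is actually failing, because only a name mismatch can be suppressed this way; a chain failure needs the CA certificates installed. The script below is an added example, not code from the original post or from VMware: it completes a TLS handshake with a web server, then re-runs the chain check and the host-name check separately and says which setting (if any) would suppress the failure. The host name is a placeholder; use the exact name the failing component has configured for the web server.

```powershell
# Added example (not from the original post or VMware): reproduce the two checks .NET
# applies when a vCAC component connects to a web server over TLS and report which fails.
function Test-VcacWebCertificate {
    param(
        [Parameter(Mandatory)][string]$HostName,   # the name the component connects with
        [int]$Port = 443
    )
    $client = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        # Accept anything here so the handshake completes and we get the certificate
        # to inspect. This callback is for diagnosis only; never ship it in a service.
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $acceptAll)
        $ssl.AuthenticateAsClient($HostName)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    } finally {
        $client.Close()
    }

    # Check 1: chain to a CA this machine trusts. This is what importing the
    # intermediate and root CA certificates is meant to satisfy.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'   # mirrors checkCertificateRevocationList="false"
    $chainOk = $chain.Build($cert)
    $chainStatus = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '

    # Check 2: does $HostName appear in the SAN DNS names (or the CN when there is no SAN)?
    # This is the check checkCertificateName="false" disables.
    $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if ($san) {
        # Format() yields "DNS Name=a, DNS Name=b" on an English Windows install
        $names = [regex]::Matches($san.Format($false), 'DNS Name=([^,\s]+)') |
                 ForEach-Object { $_.Groups[1].Value }
    } else {
        $names = @($cert.GetNameInfo('DnsName', $false))
    }
    $nameOk = $false
    foreach ($n in $names) {
        # allow a single-label wildcard such as *.example.local
        $pattern = '^' + [regex]::Escape($n).Replace('\*', '[^.]+') + '$'
        if ($HostName -match $pattern) { $nameOk = $true }
    }

    $verdict = if (-not $chainOk) {
        'Chain failure: install the issuing intermediate and root CA certificates. checkCertificateName="false" will NOT fix this.'
    } elseif (-not $nameOk) {
        'Name mismatch: reissue the certificate with a SAN containing this host name, or (weaker) set checkCertificateName="false".'
    } else {
        'Certificate passes both checks from this machine.'
    }

    [pscustomobject]@{
        HostName         = $HostName
        Subject          = $cert.Subject
        Issuer           = $cert.Issuer
        ChainOk          = $chainOk
        ChainStatus      = $chainStatus
        CertificateNames = ($names -join ', ')
        NameOk           = $nameOk
        Verdict          = $verdict
    }
}

# Placeholder host name; run this on the Manager Service box, as the service account if possible
Test-VcacWebCertificate -HostName 'vcac-web01.example.local' | Format-List
```

Run it on the machine that hosts the failing component, because the chain check depends on that machine's certificate stores. If ChainOk is false, the override in the next section will not help and the missing CA certificate has to be installed first.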

Find the "ManagerService.exe.config" file in "/Program Files (x86)/VMware/vCAC/Server" and open it in an editor running as administrator (the folder is under Program Files). Go to the bottom of the file and, just before the closing "</configuration>" tag (lower case; XML is case sensitive), insert the following:

<system.net>
  <settings>
    <!-- Disables the host-name and CRL checks only; chain validation stays on -->
    <servicePointManager checkCertificateName="false" checkCertificateRevocationList="false"/>
  </settings>
</system.net>

This tells the .NET ServicePointManager in that process not to compare the certificate's subject name with the host name it connected to, and not to look up CRLs. The chain to a trusted CA is still validated, which is why the intermediate and root CA certificates from the earlier step are still needed; with both in place the service starts. You will also need to add the same block to the .exe.config files of the other components that talk to the web servers, such as the DEMs and the designer: same place in the file, same block. Bear in mind what you are giving up: with the name check off, the component will accept any certificate issued by a CA the machine trusts, whichever host presents it. The cleaner fix is to reissue the web certificates with a Subject Alternative Name that includes every name (FQDN, load-balancer name, short name) the components actually connect with, after which the override can be removed.
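Editing several .exe.config files by hand is error prone (a mistyped tag stops the service from starting at all), so here is an added example, not VMware's own tooling, that applies the override as an XML edit: it creates the system.net, settings and servicePointManager elements only if they are missing, sets just the two attributes, backs the file up and saves it. Only the Manager Service path is from the post; the DEM and designer config paths differ per install and are left for you to add to the list.

```powershell
# Added example (not VMware's tooling): add the servicePointManager override to
# one or more .NET .exe.config files without touching anything else in them.
function Add-VcacCertificateOverride {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory, ValueFromPipeline)][string]$ConfigPath)
    process {
        [xml]$doc = Get-Content -LiteralPath $ConfigPath -Raw
        $root = $doc.DocumentElement
        # .NET config files are XML: the root element is a lower-case <configuration>
        if ($root.Name -ne 'configuration') {
            throw "$ConfigPath : root element is <$($root.Name)>, expected <configuration>"
        }
        $sysNet = $root.SelectSingleNode('system.net')
        if (-not $sysNet) { $sysNet = $root.AppendChild($doc.CreateElement('system.net')) }
        $settings = $sysNet.SelectSingleNode('settings')
        if (-not $settings) { $settings = $sysNet.AppendChild($doc.CreateElement('settings')) }
        $spm = $settings.SelectSingleNode('servicePointManager')
        if (-not $spm) { $spm = $settings.AppendChild($doc.CreateElement('servicePointManager')) }
        # checkCertificateName="false": stop comparing the subject/SAN with the host name.
        # checkCertificateRevocationList="false": skip CRL fetches.
        # Neither switches off the chain-to-trusted-CA check.
        $spm.SetAttribute('checkCertificateName', 'false')
        $spm.SetAttribute('checkCertificateRevocationList', 'false')
        if ($PSCmdlet.ShouldProcess($ConfigPath, 'write servicePointManager override')) {
            $backup = '{0}.{1}.bak' -f $ConfigPath, (Get-Date -Format 'yyyyMMddHHmmss')
            Copy-Item -LiteralPath $ConfigPath -Destination $backup
            $doc.Save($ConfigPath)
        }
    }
}

# Manager Service config path from the post. Append the DEM and designer
# .exe.config paths for your install. Run from an elevated PowerShell and
# restart the affected services afterwards.
@(
    'C:\Program Files (x86)\VMware\vCAC\Server\ManagerService.exe.config'
) | Add-VcacCertificateOverride -WhatIf   # drop -WhatIf to apply
```

Because the function is idempotent, running it twice against the same file changes nothing the second time, and the .bak copy lets you back the override out once the certificates have been reissued with the right names.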