Recently I have been helping a customer replace their self-signed Management Agent certificate in vRA 7.6 with a new self-signed one (the old one is expiring).

To be clear, this is the Management Agent certificate on the IaaS servers.

VMware provide documentation on how to replace the certificate, but to make things smoother, I will give you a few hints on the process below.

Obtain the Management Agent Identifier

On each of the IaaS nodes where you will be replacing the certificate, obtain the Management Agent identifier by opening the <vra-installation-dir>\Management Agent\VMware.IaaS.Management.Agent.exe.config file. Make a note of the <agentConfiguration id="xxxxxx-xxxx-xxxxx-xxxxx"> element. The last part, the id value, is what you will need for the -nd parameter when following the VMware documentation.

Obtain the SSL Thumbprint

This is needed for the -tp parameter. You can find it in the same file (<vra-installation-dir>\Management Agent\VMware.IaaS.Management.Agent.exe.config).

Executing the Command

Make sure you run the command in an elevated command prompt.


Remember throughout that 'everything' you enter is case sensitive. If the machine name is ABC101, entering abc101 will not work!


CIO at Sonar, Automation Practice Lead at Xtravirt and guitarist in The Waders. Loves IT, automation, programming, music
