VMware vCenter Server Heartbeat - Replacing the SSL Certificate in vCenter Server Heartbeat with a New Certificate



This Knowledgebase article provides the procedure to change the SSL Certificate on vCenter Server Heartbeat.

More Information

To change the current SSL Certificate in vCenter Server Heartbeat, perform the following steps:

Note: Within the following procedure, all instances of <password> represent the default password. If you intend to use other than the default password, you must also edit the Server.xml file located at %Program Files\VMware\VMware vCenter Server Heartbeat\tomcat\apache-tomcat-6.0.32\conf to reflect the non-default password used.

Additionally, all file paths are assumed to be the default installation file paths.


  1. From Start > Run open Registry Editor.
  2. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Prefs\nfwebsvcs\management\nfwebsvc .
  3. Change the value of use_hbws_keystore from TRUE to FALSE and save changes.
  4. From Service Control Manager, restart VMware vCenter Server Heartbeat WebService.
  5. Create a new Keystore in a temporary location and enter the certificate details:

    cd "C:\Program Files\VMware\VMware vCenter Server Heartbeat\R2\jre\bin"
    keytool -genkey -alias nfhb_private_certificate -keyalg RSA -keysize 2048
    -keystore NFKeyStore.jks -storepass <password>
  6. Create a Certificate Signing Request (CSR) as shown below:

    If using MD5:

keytool -certreq -alias nfhb_private_certificate -sigalg MD5withRSA –file NFKeyStore.csr -keystore NFKeyStore.jks -keypass <password> -storepass <password>

If using SHA1:

keytool -certreq -alias nfhb_private_certificate -sigalg SHA1withRSA –file NFKeyStore.csr -keystore NFKeyStore.jks -keypass <password> -storepass <password>

  1. Submit the CSR to the Certification Authority (CA).
  2. Save the recieved certificate as certnew.p7b
  3. Import the recieved certificate to the JAVA keystore:

    keytool -import -alias nfhb_private_certificate -keystore NFKeyStore.jks
    -trustcacerts -storepass <password> -file certnew.p7b
  4. Verify the imported data from the Java Keystore:

    keytool -list -v -keystore NFKeyStore.jks -storepass <password>
  5. Stop the TOMCAT instance used by the vCenter Server Heartbeat WEB management ( nfwebsvc ) using the following command:

    net stop nfwebsvc
  6. Create a backup of the currently used keystore:

    cd "C:\Program Files\VMware\VMware vCenter Server Heartbeat\tomcat\ssl"
    ren NFKeyStore.jks NFKeyStore.jks.bak
  7. Copy the keystore from the temporary location:

    xcopy "C:\Program Files\VMware\VMware vCenter Server
    Heartbeat\R2\jre\bin\NFKeyStore.jks" "C:\Program Files\VMware\VMware vCenter
    Server Heartbeat\tomcat\ssl"
  8. Start the TOMCAT instance used by the vCenter Server Heartbeat WEB management ( nfwebsvc ) using the following command:

    net start nfwebsvc

Applies To

vCenter Server Heartbeat

Related Information



0 out of 0 found this helpful



Please sign in to leave a comment.