In VMware Cloud Foundation 9.0, certificate replacement procedures require certificates to be provided in PEM format. This applies to components such as:
vCenter Server
NSX Manager
SDDC Manager
Aria Suite components
From the VCF 9.0 documentation under Certificate Management:
“When replacing certificates with CA-signed certificates, provide the certificate and private key in PEM format.”
Additionally:
“The certificate file must include the full chain (server certificate and intermediate certificates) in PEM encoding.”
Why PEM?
PEM format:
Base64 encoded
Human-readable
Common format for VMware components
Required for SDDC Manager certificate import workflows
Why the Other Options Are Incorrect
A. PFX (PKCS#12): Contains private key and certificate bundled together; not the required format for VCF certificate replacement workflows.
B. DER: Binary format; VMware Cloud Foundation certificate workflows require Base64 PEM format.
D. P7B (PKCS#7): Does not contain private key; unsuitable for certificate replacement.
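A structural pre-flight check for the two files described above, written as an added example (not VMware code or part of the VCF documentation): it rejects binary DER/PFX/P7B input and confirms the chain file holds at least a server and an intermediate certificate and the key file holds one private key block. The function names and the sample bytes are assumptions made for illustration; the check looks only at PEM structure and does not validate signatures or that the key matches the certificate.

```python
import base64
import binascii
import re

PEM_BLOCK = re.compile(
    rb"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.DOTALL)

def armor(label: str, der: bytes) -> bytes:
    """Wrap DER bytes in PEM armor (used here to build constructed samples)."""
    return (f"-----BEGIN {label}-----\n".encode() + base64.encodebytes(der)
            + f"-----END {label}-----\n".encode())

def pem_blocks(data: bytes):
    """Return [(label, der_bytes)] for each PEM block; raises on bad Base64."""
    return [(m.group(1).decode(),
             base64.b64decode(b"".join(m.group(2).split()), validate=True))
            for m in PEM_BLOCK.finditer(data)]

def classify(data: bytes) -> str:
    """Coarse container guess: PEM armor, binary ASN.1, or unknown."""
    if PEM_BLOCK.search(data):
        return "pem"
    # DER certificates, PFX and binary P7B all start with an ASN.1 SEQUENCE tag.
    return "binary-asn1" if data[:1] == b"\x30" else "unknown"

def check_upload(chain: bytes, key: bytes) -> list:
    """Return a list of problems; an empty list means the structure looks right."""
    problems = []
    for name, data in (("chain", chain), ("key", key)):
        if classify(data) != "pem":
            problems.append(f"{name}: not PEM ({classify(data)}); convert first")
    if problems:
        return problems
    try:
        certs = [der for lab, der in pem_blocks(chain) if lab == "CERTIFICATE"]
        keys = [lab for lab, _ in pem_blocks(key) if lab.endswith("PRIVATE KEY")]
    except binascii.Error:
        return ["invalid Base64 inside a PEM block"]
    if len(certs) < 2:
        problems.append(f"chain: {len(certs)} certificate(s); need server + intermediate(s)")
    if any(der[:1] != b"\x30" for der in certs):
        problems.append("chain: a certificate body is not DER")
    if len(keys) != 1:
        problems.append(f"key: expected 1 private key block, found {len(keys)}")
    return problems

# Constructed sample: a tiny ASN.1 SEQUENCE standing in for real DER content.
FAKE_DER = bytes([0x30, 0x03, 0x02, 0x01, 0x01])
if __name__ == "__main__":
    print(check_upload(armor("CERTIFICATE", FAKE_DER) * 2, armor("PRIVATE KEY", FAKE_DER)))
    print(check_upload(FAKE_DER, armor("PRIVATE KEY", FAKE_DER)))
```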
Document References (VCF 9.0)
VMware Cloud Foundation 9.0 → Security and Certificate Management
VMware Cloud Foundation 9.0 → Replace Certificates with CA-Signed Certificates
VMware Cloud Foundation 9.0 → Certificate Requirements and Formats