This page describes how to update the reference to the vCenter CA certificate if it has changed, as your running admin cluster and user clusters must be informed of the change. This affects the vCenter.caCertPath field in the admin cluster configuration file and the user cluster configuration files for Google Distributed Cloud.
You can update the certificate references with the gkectl update command as described here.
Update the referenced vCenter CA certificate in the cluster configuration files
To update the running admin and user clusters to use the new certificate:
Retrieve the new vCenter CA certificate and unzip it:
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-25 UTC."],[[["\u003cp\u003eThis page explains how to update the vCenter CA certificate reference in your admin and user cluster configuration files.\u003c/p\u003e\n"],["\u003cp\u003eUse the \u003ccode\u003ecurl\u003c/code\u003e command to download and unzip the new vCenter CA certificate, saving the certificate in \u003ccode\u003evcenter-ca.pem\u003c/code\u003e.\u003c/p\u003e\n"],["\u003cp\u003eUpdate the \u003ccode\u003evCenter.caCertPath\u003c/code\u003e field in the admin cluster configuration file to point to the new certificate, then use \u003ccode\u003egkectl update admin\u003c/code\u003e to update the running admin cluster.\u003c/p\u003e\n"],["\u003cp\u003eUpdate the \u003ccode\u003evCenter.caCertPath\u003c/code\u003e field in each user cluster configuration file to point to the new certificate, then use \u003ccode\u003egkectl update cluster\u003c/code\u003e for each user cluster.\u003c/p\u003e\n"],["\u003cp\u003eVerify the health of both admin and user clusters with \u003ccode\u003egkectl diagnose cluster\u003c/code\u003e after updating each cluster.\u003c/p\u003e\n"]]],[],null,[]]
