Create a configuration file that contains certificate information for your organization. Using this configuration file, the tool generates a file package that contains a configuration file for the VMs in each Cloud Foundation component.

You can specify the components for which you want to replace certificates in the configuration file. It is recommended that you replace all certificates immediately after you deploy Cloud Foundation. Subsequently, you can replace certificates for a subset of components, as appropriate.


  1. Using the root credentials, SSH in to the SDDC Manager Controller VM.
  2. Navigate to /opt/vmware/cert-mgmt/bin.
  3. Type the following command.
    ./vcfcerthelper \
    --config_file config.json \
    --cert_dir cert-output \
    --action build-certgen-config
    Table 1. Parameter Information




    Name of the input configuration JSON file.


    Directory where the configuration file package is to be created.


    Action to be performed.


The file package for the Certificate Generation Tool is created in the specified directory. The tool also creates a zip file of the directory contents in the parent directory.