Create a configuration file that contains certificate information for your organization. Using this configuration file, the tool generates a file package that contains a configuration file for the VMs in each Cloud Foundation component.

You can specify the components for which you want to replace certificates in the configuration file. It is recommended that you replace all certificates immediately after you deploy Cloud Foundation. Subsequently, you can replace certificates for a subset of components, as appropriate.


  1. Using the root credentials, SSH in to the SDDC Manager VM.
  2. Navigate to /opt/vmware/cert-mgmt/bin.
  3. Type the following command.
    ./vcfcerthelper \
    --config_file config.json \
    --cert_dir cert-output \
    --action build-certgen-config
    Table 1. Parameter Information
    Parameter Description
    --config_file Name of the input configuration JSON file.
    --cert_dir Directory where the configuration file package is to be created.
    --action Action to be performed.


The file package for the Certificate Generation Tool is created in the specified directory. The tool also creates a zip file of the directory contents in the parent directory.