After you obtain the SSL certificates and you generate the list of update steps, you can run the tool to replace the existing certificates, reestablish trust, and optionally restart some of the services.

See Certificate Automation Tool Deployment Options for an overview of how the tool proceeds in different deployments.

The tool gives you a list of update tasks and specifies the machine on which to perform each task. If you select a task, the tool prompts for input to perform that task. For example, to update the Inventory Service, you select Inventory Service from the menu. The tool prompts you for information that it requires to update the Inventory Service Trust to Single Sign-On, and to update the Inventory Service SSL Certificate options.

Perform the tasks in sequence. If the update planner instructs you to perform tasks on multiple machines, keep the tool running on each machine to avoid entering information again.


  1. Move to the first machine on the task list and start the tool by running ssl-updater.bat.
    The tool does not list machines by name but points you to the machine on which a service is running.
  2. Select Update SSL certificate.
  3. When prompted, specify the service whose certificate you want to update.
    If you prespecified the default, the tool does not prompt you.
    To update multiple SSL certificates, update the certificate for one service and then proceed to the next service on the machine where it is deployed. The SSL certificate for each vSphere component must be unique.
  4. When prompted, type the requested information, such as the locations of the new SSL chain and private key, passwords, and so on.
  5. Continue until you have provided all information.
  6. Check the planner for the next step.
    You might have to deploy and start the tool on a different machine to update some of the services.
  7. After you have completed your update plan, you can close the command prompt window to end your session.
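
Because the SSL certificate for each vSphere component must be unique, it helps to check the staged chain files before you start the tool. The following PowerShell pre-flight check is an added example, not part of the Certificate Automation Tool. It assumes a hypothetical staging layout of one folder per service under C:\certs, each containing a chain.pem file with the service certificate first.

```powershell
# Added example: pre-flight check to run before ssl-updater.bat.
# Assumption: each service's new chain is staged as <CertRoot>\<ServiceName>\chain.pem,
# leaf (service) certificate first. Folder and file names are hypothetical.
param(
    [string]$CertRoot = 'C:\certs'   # hypothetical staging folder
)

function Get-LeafCertificate {
    param([string]$Path)
    # Parse the first PEM block in the chain file as the service certificate.
    $pem = Get-Content -LiteralPath $Path -Raw
    $m = [regex]::Match($pem, '(?s)-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----')
    if (-not $m.Success) { throw "No certificate found in $Path" }
    $der = [Convert]::FromBase64String(($m.Groups[1].Value -replace '\s', ''))
    [System.Security.Cryptography.X509Certificates.X509Certificate2]::new([byte[]]$der)
}

$now = Get-Date
$results = foreach ($dir in Get-ChildItem -LiteralPath $CertRoot -Directory) {
    $chain = Join-Path $dir.FullName 'chain.pem'
    if (-not (Test-Path -LiteralPath $chain)) {
        Write-Warning "$($dir.Name): chain.pem missing"
        continue
    }
    $cert = Get-LeafCertificate -Path $chain
    [pscustomobject]@{
        Service    = $dir.Name
        Subject    = $cert.Subject
        Thumbprint = $cert.Thumbprint      # SHA-1 of the DER bytes, used only to compare identity
        NotBefore  = $cert.NotBefore
        NotAfter   = $cert.NotAfter
        InValidity = ($cert.NotBefore -le $now -and $now -le $cert.NotAfter)
    }
}
if (-not $results) { throw "No chain.pem files found under $CertRoot" }

# The same certificate staged for two services violates the uniqueness requirement.
$dupes = @($results | Group-Object Thumbprint | Where-Object { $_.Count -gt 1 })
foreach ($g in $dupes) {
    Write-Warning ("Same certificate staged for: {0}" -f ($g.Group.Service -join ', '))
}
$stale = @($results | Where-Object { -not $_.InValidity })
foreach ($r in $stale) {
    Write-Warning "$($r.Service): outside validity period ($($r.NotBefore) to $($r.NotAfter))"
}

$results | Format-Table Service, Subject, NotAfter, Thumbprint -AutoSize
if ($dupes.Count -gt 0 -or $stale.Count -gt 0) { exit 1 }
```

A non-zero exit code means at least one staged certificate is shared between services or is not currently valid; correct the staged files before you select Update SSL certificate.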