vCenter Server includes scripts for generating Certificate Signing Requests (CSRs), managing certificates, and managing services.
For example, you can use the certool utility to generate CSRs and to replace certificates. See Managing Certificates with the vSphere Certificate Manager Utility.
Use the CLIs for management tasks that the vSphere Client does not support, or to create custom scripts for your environment.
|certool||Generate and manage certificates and keys. Part of VMware Certificate Authority (VMCA).|
|vecs-cli||Manage the contents of VMware Certificate Store instances. Part of VMware Authentication Framework Daemon (VMAFD).||vecs-cli Command Reference|
|dir-cli||Create and update certificates in VMware Directory Service. Part of VMAFD.||dir-cli Command Reference|
|sso-config||Update Security Token Service (STS) certificates.||Replace an STS Certificate|
|service-control||Command for starting, stopping, and listing services.||Run this command to stop services before running other CLI commands.|
Enable SSH login to vCenter Server. See Manage vCenter Server with the Management Interface.
- Log in to the vCenter Server shell.
Usually, you have to be the root or Administrator user. See Required Privileges for Running CLIs for details.
- Access a CLI at one of the following default locations.
The required privileges depend on the task that you want to perform. Sometimes, you are prompted for the password twice to safeguard sensitive information.
/usr/lib/vmware-vmafd/bin/vecs-cli /usr/lib/vmware-vmafd/bin/dir-cli /usr/lib/vmware-vmca/bin/certool /opt/vmware/bin /opt/vmware/bin/sso-config.sh
The service-control command does not require that you enter the path.