fling logo of SDDC Certificate Tool

SDDC Certificate Tool

version 1.0.1 - Build 10253169 — September 28, 2018

Contributors 3

View All

Comments 6

  • profile picture of Aaron Rogers
  • profile picture of Dag Kvello
  • profile picture of Evgeniy
  • profile picture of HaronSSG
  • profile picture of Mubo
  • profile picture of Avinash Mudivedu
View All


Replacing SSL certificates across VMware products is a manual and time-consuming process. The SDDC Certificate Tool automates this workflow and makes it easy to keep certificates across your SDDC up to date. It will replace all certificates in the supported products and reestablish trust between the components.

Supported Products

  • VMware Platform Services Controller (PSC)
  • VMware vCenter Server (VC)
  • VMware NSX for vSphere (NSX)
  • vRealize Log Insight (vRLI)
  • vRealize Operations Manager (vROps)
  • vRealize Automation (vRA)
  • vRealize Business for Cloud (vRB)

More about this Fling: New SDDC Certificate Replacement Fling by William Lam


  • PhotonOS or Linux running Java 1.8+ 
  • Certificate Files in x509 format (.cer) 
  • Certificate Chain in x509 format (.cer) 


Supported VMware products: 


Minimum Version 

Maximum Version 

VMware Platform Services Controller (PSC) 

6.0 U2 


VMware vCenter Server (VC) 

6.0 U2 


VMware NSX for vSphere (NSX) 



vRealize Log Insight (vRLI) 



vRealize Operations Manager (vROps) 



vRealize Automation (vRA) 



vRealize Business for Cloud (vRB) 




Simple Workflow

Note: See PDF for detailed instructions.

This workflow is only if you already have signed certificates that you want to replace on VMware components.

  1. Copy signed certificates, private keys, and the certificate authority chain from your Certificate Signing Authority to a Linux server. A private folder is recommended to safeguard the private keys.
  2. Download and extract the SDDC Certificate Tool to the /opt/vmware/cert-mgmt/ folder.
  3. Follow a configuration template and edit it to match your environment. Follow the examples at /opt/vmware/cert-mgmt/config and the Configuration File section for a detailed look.
  4. Run Certificate Replacement command.
    java -jar lib/certreplace-*.jar -c config/config.json -replacecert - passwordEntry

  5. If there are any errors in the configuration file, they will be shown and certificate replacement will only proceed once all errors have been fixed.

    Download the PDF for more detailed instructions.


1.0.1 - Build 10253169

  • Spring Frameworks updated to version 4.3.19 due to security vulnerability

Similar Flings

May 23, 2022
fling logo of Virtual Machine Desired State Configuration

Virtual Machine Desired State Configuration

version 1.1.3 (4092207)

Virtual Machine Desired State Configuration (VMDSC) allows virtual administrators to specify VM CPU/Memory desired state which will take effect upon the next Guest OS reboot. This removes the burden of having to schedule a downtime window with the business/app owners.

Apr 27, 2018
fling logo of Cross vCenter VM Mobility - CLI

Cross vCenter VM Mobility - CLI

version 1.6.0

Cross vCenter VM Mobility - CLI is a command line interface (CLI) tool that can be used to migrate or clone a VM from one host to another host managed by a linked or isolated vCenter (VC) instance.

Jan 04, 2022
fling logo of VM News Collector

VM News Collector

version 1.0

VM News Collector is a real-time news aggregator dedicated to the collection of all kinds of real-time news updates and applicable information & resolutions on all technology products belonging to the VMWARE Group, a technology giant, leading the technology revolution in cloud computing & virtualization fields.
No need to scroll through hundreds of documents looking for informations. VM News Collector App has it all for you.