Please provide your feedback in this short Flings' survey.
fling logo of VMCA Certificate Generator

VMCA Certificate Generator

version 1.0 — October 21, 2020

Contributors 1

View All

Comments 1

  • profile picture of antboro
View All


The VMware Certificate Authority (VMCA) Certificate Generator gives you the ability to simply retrieve certificates signed by the VMware Certificate Authority (VMCA) running on vCenter / PSC.

This can be useful when you don't have access to a company wide Certificate Authority (e.g. small-business or running in a lab), but you want to have valid certificates for your services.
The certificates can be used for other VMware products like vRealize Suite, NSX as well as 3rd party services.
Once you trust the VMCA root certificate (to be retrieved by the vCenter URL or over this tool), you trust all services with the new certificates.

The validity of the certificates is not changeable and depends on the vCenter version. With vCenter 7.0 you'll get certificates valid for 2 years.

The VMCA Certificate Generator comes as a .jar file and needs to be run with java - either right-click and "open with jar Launcher" or run with "java -jar vmca-cert-generator.jar".

To connect to vCenter or PSC,

Fill in FQDN or IP of vCenter/PSC together with a shell user (e.g. root) in the form.

Add the certificate details and click "START".

The log will appear in the upper right corner, followed by a Download button.

The Download will provide you with a .zip file containing:

  • certool.cfg -> just for reference the certificate settings
  • root.cer -> the VMCA root certificate
  • private.key and public.key
  • .cer -> X509 certificate
  • .pfx -> encrypted certificate in PKCS#12 format - encrypted with specified password
  • chain-with-privkey.pem -> certificate chain including private key
  • chain-without-privkey.pem -> certificate chain without private key

Different tools / services require different formats of certificates to upload. Usually you'll need only one of the created certificate files. Please report missing formats that should be included.



  1. If not already done, change the vCenter default Shell to BASH :

  2. Download VMCA Certificate Generator ZIP and extract "vmca-cert-generator.jar" on your client

  3. Run the tool with either "java -jar vmca-cert-generator.jar" or right click and "open with Jar Launcher"

  4. Fill out all fields and press "START"

  5. Press "DOWNLOAD" and save the certificate bundle as .zip file

  6. Extract the downloaded ZIP file

  7. Provide the certificate in the appropriate format to your product(s). The required certificate format differs from product to product.


Version 1.0 Update

  • Added the open source license file.

Similar Flings

Apr 27, 2018
fling logo of Cross vCenter VM Mobility - CLI

Cross vCenter VM Mobility - CLI

version 1.6.0

Cross vCenter VM Mobility - CLI is a command line interface (CLI) tool that can be used to migrate or clone a VM from one host to another host managed by a linked or isolated vCenter (VC) instance.

May 11, 2017
fling logo of Host Profiles CLI

Host Profiles CLI

version 1.0

The Host Profiles CLI Fling (hostprofilescli) is a command-line utility that allows vSphere administrators to perform several operations with Host Profiles that are either not currently possible through existing user interfaces, or possible only through graphical interfaces.

Jun 29, 2016
fling logo of DRS Doctor

DRS Doctor

version 1.1

DRS Doctor is a command line tool that can be used to diagnose DRS behaviour in VMware vCenter clusters. When run against a DRS enabled cluster, it records information regarding the state of the cluster, the work load distribution, DRS moves, etc., in an easy to read log format.