fling logo of VMCA Certificate Generator

VMCA Certificate Generator

version 1.0 — October 21, 2020

Contributors 1

View All

Comments 3

  • profile picture of antboro
  • profile picture of Martin Dummer
  • profile picture of Michael Rottlander
View All


The VMware Certificate Authority (VMCA) Certificate Generator gives you the ability to simply retrieve certificates signed by the VMware Certificate Authority (VMCA) running on vCenter / PSC.

This can be useful when you don't have access to a company wide Certificate Authority (e.g. small-business or running in a lab), but you want to have valid certificates for your services.
The certificates can be used for other VMware products like vRealize Suite, NSX as well as 3rd party services.
Once you trust the VMCA root certificate (to be retrieved by the vCenter URL or over this tool), you trust all services with the new certificates.

The validity of the certificates is not changeable and depends on the vCenter version. With vCenter 7.0 you'll get certificates valid for 2 years.

The VMCA Certificate Generator comes as a .jar file and needs to be run with java - either right-click and "open with jar Launcher" or run with "java -jar vmca-cert-generator.jar".

To connect to vCenter or PSC,

Fill in FQDN or IP of vCenter/PSC together with a shell user (e.g. root) in the form.

Add the certificate details and click "START".

The log will appear in the upper right corner, followed by a Download button.

The Download will provide you with a .zip file containing:

  • certool.cfg -> just for reference the certificate settings
  • root.cer -> the VMCA root certificate
  • private.key and public.key
  • .cer -> X509 certificate
  • .pfx -> encrypted certificate in PKCS#12 format - encrypted with specified password
  • chain-with-privkey.pem -> certificate chain including private key
  • chain-without-privkey.pem -> certificate chain without private key

Different tools / services require different formats of certificates to upload. Usually you'll need only one of the created certificate files. Please report missing formats that should be included.



  1. If not already done, change the vCenter default Shell to BASH : https://kb.vmware.com/s/article/2100508

  2. Download VMCA Certificate Generator ZIP and extract "vmca-cert-generator.jar" on your client

  3. Run the tool with either "java -jar vmca-cert-generator.jar" or right click and "open with Jar Launcher"

  4. Fill out all fields and press "START"

  5. Press "DOWNLOAD" and save the certificate bundle as .zip file

  6. Extract the downloaded ZIP file

  7. Provide the certificate in the appropriate format to your product(s). The required certificate format differs from product to product.


Version 1.0 Update

  • Added the open source license file.

Similar Flings

May 23, 2022
fling logo of Virtual Machine Desired State Configuration

Virtual Machine Desired State Configuration

version 1.1.3 (4092207)

Virtual Machine Desired State Configuration (VMDSC) allows virtual administrators to specify VM CPU/Memory desired state which will take effect upon the next Guest OS reboot. This removes the burden of having to schedule a downtime window with the business/app owners.

Apr 27, 2018
fling logo of Cross vCenter VM Mobility - CLI

Cross vCenter VM Mobility - CLI

version 1.6.0

Cross vCenter VM Mobility - CLI is a command line interface (CLI) tool that can be used to migrate or clone a VM from one host to another host managed by a linked or isolated vCenter (VC) instance.

Jan 04, 2022
fling logo of VM News Collector

VM News Collector

version 1.0

VM News Collector is a real-time news aggregator dedicated to the collection of all kinds of real-time news updates and applicable information & resolutions on all technology products belonging to the VMWARE Group, a technology giant, leading the technology revolution in cloud computing & virtualization fields.
No need to scroll through hundreds of documents looking for informations. VM News Collector App has it all for you.