vCenter Certificate Automation Tool 1.0

Update: You might want to follow the How to use VMware Certificate Automation Tool, my recent article where I'm using the tool to replace SSL certificates in my lab.

Managing certificates through vCenter components is a pain. VMware reacts (finally) and released a command line tool called vCenter Certificate Automation Tool 1.0 which enables you to automate the deployment of certificates for different vCenter components like SSO, vCenter, View Connection server etc… The tool does provide automation of deployment, but does not manage the actual generation of SSL certificates, which needs to be done through other methods. It does not deploy certificates for using in ESXi hosts, the tool manage (deploy, replace) certificates in vCenter components only:

vCenter Server
vCenter Single Sign On
vCenter Inventory Service
vSphere Web Client
vCenter Log Browser
VMware Update Manager (VUM)
vCenter Orchestrator (VCO)

The tool is to be used to deploy self-signed or certificates obtained from public Certification Authorities. In both cases it's possible to use the vCenter Certificate Automation Tool to automate the process.

To Generate the SSL certificates? Via OpenSSL

VMware provides a KB article guiding you to use OpenSSL to generate certificates, there is full step-by-step KB. You're guided to generate the certificates requests, obtain the certificate and also create the PEM files needed for the deployments.

Supported Platforms are 2003R2 SP2 and 2008R2 SP2. For Windows Server 2012 we'll have to wait until the next major release of VMware vSphere, I think.