Enter . This CLI tool is designed to simplify the generation, signing, and retrieval of X.509 certificates from a centralized VMware Certificate Authority (CA).
"common_name": "myapp.default.svc.cluster.local", "sans": [ "myapp.default.svc", "myapp.default.pod", "myapp-namespace.svc.cluster.local" ], "key_type": "rsa", "key_bits": 2048, "ttl": "168h" vmware vcert tool
kubectl create secret tls myapp-tls --cert=myapp.crt --key=myapp.key kubectl create configmap ca-bundle --from-file=ca.crt Mount in your deployment: In enterprise setups, the VMware CA can forward
volumes: - name: tls secret: secretName: myapp-tls - name: ca configMap: name: ca-bundle Because vCert supports short-lived certs, automate renewal before expiry: They authenticate workloads, encrypt data in transit, and
# Script: renew.sh vcert renew --cert myapp.crt --key myapp.key --out-dir ./certs kubectl create secret tls myapp-tls --cert=./certs/myapp.crt --key=./certs/myapp.key --dry-run=client -o yaml | kubectl apply -f - Deploy as a Kubernetes CronJob (e.g., run every 5 days for a 7-day cert). In enterprise setups, the VMware CA can forward requests to a Venafi TPP server. vCert transparently supports this. Just set the appropriate policy name:
In the modern software-defined data center, certificates are the unsung heroes of security. They authenticate workloads, encrypt data in transit, and establish trust between microservices. However, managing the lifecycle of these certificates—especially in ephemeral Kubernetes or VM environments—is a notorious operational headache.
Whether you’re running stateful VMs on vSphere or a fleet of containers in Tanzu, vCert gives you a reliable, repeatable way to issue machine identities. Start using it today to eliminate manual certificate management and reduce the risk of expiry outages.