diff --git a/tools/virt-admin.c b/tools/virt-admin.c
index 32edfe5757..a8e5e0a5af 100644
--- a/tools/virt-admin.c
+++ b/tools/virt-admin.c
@@ -957,6 +957,60 @@ cmdSrvClientsSet(vshControl *ctl, const vshCmd *cmd)
     goto cleanup;
 }
 
+/* ------------------------
+ *  Command srv-update-tls
+ * ------------------------
+ */
+static const vshCmdInfo info_srv_update_tls_file[] = {
+    {.name = "help",
+     .data = N_("notify server to update TLS related files online.")
+    },
+    {.name = "desc",
+     .data = N_("notify server to update the CA cert, "
+                "CA CRL, server cert / key without restarts. "
+                "See OPTIONS for currently supported attributes.")
+    },
+    {.name = NULL}
+};
+
+static const vshCmdOptDef opts_srv_update_tls_file[] = {
+    {.name = "server",
+     .type = VSH_OT_DATA,
+     .flags = VSH_OFLAG_REQ,
+     .help = N_("Available servers on a daemon. "
+                "Currently only supports 'libvirtd'.")
+    },
+    {.name = NULL}
+};
+
+static bool
+cmdSrvUpdateTlsFiles(vshControl *ctl, const vshCmd *cmd)
+{
+    bool ret = false;
+    const char *srvname = NULL;
+
+    virAdmServerPtr srv = NULL;
+    vshAdmControlPtr priv = ctl->privData;
+
+    if (vshCommandOptStringReq(ctl, cmd, "server", &srvname) < 0)
+        return false;
+
+    if (!(srv = virAdmConnectLookupServer(priv->conn, srvname, 0)))
+        goto cleanup;
+
+    if (virAdmServerUpdateTlsFiles(srv, 0) < 0) {
+        vshError(ctl, "%s", _("Unable to update server's tls related files."));
+        goto cleanup;
+    }
+
+    ret = true;
+    vshPrint(ctl, "update tls related files succeed\n");
+
+ cleanup:
+    virAdmServerFree(srv);
+    return ret;
+}
+
 /* --------------------------
  * Command daemon-log-filters
  * --------------------------
@@ -1436,6 +1490,16 @@ static const vshCmdDef managementCmds[] = {
      .info = info_srv_clients_set,
      .flags = 0
     },
+    {.name = "srv-update-tls",
+     .flags = VSH_CMD_FLAG_ALIAS,
+     .alias = "server-update-tls"
+    },
+    {.name = "server-update-tls",
+     .handler = cmdSrvUpdateTlsFiles,
+     .opts = opts_srv_update_tls_file,
+     .info = info_srv_update_tls_file,
+     .flags = 0
+    },
     {.name = "daemon-log-filters",
      .handler = cmdDaemonLogFilters,
      .opts = opts_daemon_log_filters,