I currently have some self-signed certificates on my vCloud Director 8 installation and want to update them with new certificates. Here are the simplified steps to get this accomplished:
First, create 2 certificates for each member of the group (cell) and import them into the host keystore. Each vCD cell has 2 IP addresses, which allows it to support 2 different SSL endpoints (http and consoleproxy). Each endpoint requires its own SSL certificate.
Each certificate must include an X.500 distinguished name; a Subject Alternative Name is not necessary.
Replace the certificates using the vCD configuration script:
This process also validates the database connection, prompts for the SSL certificate details, and skips all other configuration steps.
- SSH to vCD cell
- Stop the vCD services
- # service vmware-vcd stop
- Run the configuration
- Specify full path to java keystore that holds the new certificates
- Provide keystore and certificate password
- # cd /opt/vmware/vcloud-director/bin
- # ./cell-management-tool certificates -j -p -k /tmp/.ks -w kspw
- Restart the cell for the changes to take effect.
- # service vmware-vcd restart
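
Before stopping the cell, it is worth confirming that the keystore passed to `-k` really holds a key pair for each of the two endpoints. The following check is an added example, not part of the original post: the function names are hypothetical, and it assumes `keytool` is on the PATH, that the keystore is JCEKS, and that the entries use the aliases `http` and `consoleproxy` (the names VMware documents for vCD). The sample listings are constructed.

```shell
#!/bin/sh
# Added example: pre-flight check of the keystore used with cell-management-tool.

# Reads a `keytool -list` listing on stdin and prints the endpoint aliases that
# are NOT present as a PrivateKeyEntry. Returns 0 only when both are present.
missing_vcd_aliases() {
    listing=$(cat)
    missing=""
    for a in http consoleproxy; do
        # Entry lines look like "<alias>, <date>, PrivateKeyEntry, "
        printf '%s\n' "$listing" | grep -Eq "^$a, .*PrivateKeyEntry" \
            || missing="${missing:+$missing }$a"
    done
    [ -z "$missing" ] && return 0
    printf '%s\n' "$missing"
    return 1
}

# Run the check against a real keystore: preflight_keystore <path> <password>
# Assumption: JCEKS store type. -storepass on the command line is visible in
# the process list, just like -w in the cell-management-tool call.
preflight_keystore() {
    keytool -list -storetype JCEKS -keystore "$1" -storepass "$2" \
        | missing_vcd_aliases
}

# Constructed listing: both endpoints have a key pair.
sample_good() {
cat <<'EOF'
Keystore type: JCEKS
Your keystore contains 2 entries

consoleproxy, Mar 3, 2016, PrivateKeyEntry, 
http, Mar 3, 2016, PrivateKeyEntry, 
EOF
}

# Constructed listing: consoleproxy was imported as a certificate only,
# without its private key, so the console proxy endpoint cannot use it.
sample_bad() {
cat <<'EOF'
Keystore type: JCEKS
Your keystore contains 2 entries

consoleproxy, Mar 3, 2016, trustedCertEntry, 
http, Mar 3, 2016, PrivateKeyEntry, 
EOF
}
```

If `preflight_keystore` prints an alias, fix the keystore first; the cell stays up until the check passes.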