Regenerate the Cloud Service self-signed SSL certificate or import a CA-signed certificate. After updating the certificate, re-establish the trust by re-pairing all cloud sites.

In VMware Cloud Director Availability 4.3 and later, replacing the Cloud Service certificate invalidates the trust only with the paired cloud sites. Replacing with a CA-signed certificate does not invalidate the trust with the paired on-premises sites and no longer requires re-pairing with on-premises sites.

To re-establish the trust with the cloud sites after replacing the certificate of the Cloud Service, re-pair with them.

Procedure

  1. Log in to the management interface of the Cloud Director Replication Management Appliance.
    1. In a Web browser, go to https://Appliance-IP-Address/ui/admin.
    2. Select Appliance login or SSO login and enter the root or the single sign-on user credentials.
    3. Click Login.
  2. Replace the SSL certificate of the Cloud Service.
    1. In the left pane under Configuration, click Settings.
    2. Under Appliance settings next to Certificate, select the certificate replacement method.
      | Option | Description |
      | --- | --- |
      | Import | Upload a CA-signed certificate. |
      | Regenerate | Generate a new self-signed certificate. |
    3. To update the Cloud Service certificate, click Apply.
      You are logged out and the services automatically restart in a few minutes. After importing a CA-signed certificate, the Cloud Service creates a copy of the old certificate at /opt/vmware/h4/cloud/config/keystore.p12.bak.
  3. In each paired cloud site, trust this new Cloud Service certificate.
    1. In the left pane, click Peer Sites.
    2. Select a cloud site and click Repair.
    3. In the Update Pairing window, click Update.
    4. To complete the trust re-establishment, accept the remote Cloud Service SSL certificate.
    Note: Repeat this step and re-pair with the remaining cloud sites.
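
An added example, not part of the VMware documentation: before accepting the remote Cloud Service certificate in step 3, this Python script reports whether the appliance presents the new certificate, still presents the old one (services not yet restarted), or presents something unexpected. It assumes the certificate is served on port 443 of Appliance-IP-Address and that the SHA-256 fingerprints of the old and new certificates were recorded out of band; the function names are hypothetical.

```python
import hashlib
import hmac
import ssl
import sys


def normalize(fp: str) -> str:
    """Return lower-case hex without separators; reject non-SHA-256 input."""
    cleaned = fp.replace(":", "").replace(" ", "").lower()
    if len(cleaned) != 64 or any(c not in "0123456789abcdef" for c in cleaned):
        raise ValueError("expected a SHA-256 fingerprint (64 hex digits)")
    return cleaned


def fingerprint(pem: str) -> str:
    """SHA-256 over the DER encoding of the certificate."""
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem)).hexdigest()


def classify(pem: str, old_fp: str, new_fp: str) -> str:
    """Compare the presented certificate with the recorded fingerprints."""
    presented = fingerprint(pem)
    if hmac.compare_digest(presented, normalize(new_fp)):
        return "new"         # replacement is live; safe to accept when re-pairing
    if hmac.compare_digest(presented, normalize(old_fp)):
        return "old"         # services have not restarted yet, or Apply failed
    return "unexpected"      # neither certificate: do not accept, investigate


def fetch_pem(host: str, port: int = 443) -> str:
    # Port 443 is an assumption. The fetch is unverified on purpose: a
    # self-signed certificate has no chain, so the fingerprint comparison
    # is what makes the trust decision.
    return ssl.get_server_certificate((host, port))


if __name__ == "__main__":
    # Usage: script.py Appliance-IP-Address OLD_SHA256 NEW_SHA256
    host, old_fp, new_fp = sys.argv[1:4]
    state = classify(fetch_pem(host), old_fp, new_fp)
    print(f"{host}: presenting the {state} certificate")
    sys.exit(0 if state == "new" else 1)
```

Run it from each paired site's network, since the certificate accepted during re-pairing should be the one that site actually reaches.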

What to do next

When not using a CA-signed certificate for the Cloud Service, re-pair the paired on-premises sites with this cloud site. For more information, see Repair with a remote site.