Use the import-trusted-certificates command of the cell management tool to import certificates for use in establishing secure connections to external services like AMQP and the VMware Cloud Director database.
Before it can make a secure connection to an external service, VMware Cloud Director must establish a valid chain of trust for that service by importing the service's certificates into its own truststore. To import trusted certificates to the cell's truststore, use a command with the following form:
cell-management-tool import-trusted-certificates options
|--help (-h)||None||Provides a summary of available commands in this category.|
|--destination||path name||Full path name to the destination truststore. Defaults to /opt/vmware/vcloud-director/etc/certificates if not provided on the command line.|
|--destination-password||string||Password for the destination truststore. Defaults to the value of
|--destination-type||keystore type||Keystore type of the destination truststore. Can be JKS or JCEKS. Defaults to JCEKS.|
|--force||None||Overwrites the existing certificates in the destination truststore.|
|--source||path name||Full path name to source PEM file.|
Importing Trusted Certificates
This example imports the certificates from /tmp/demo.pem to the VMware Cloud Director local keystore at /opt/vmware/vcloud-director/etc/certificates. VMware Cloud Director stores the keystore password in an encrypted format which the import-trusted-certificates command decrypts.
[root@cell1 /opt/vmware/vcloud–director/bin]# ./cell-management-tool import-trusted-certificates --source /tmp/demo.pem