Use the import-trusted-certificates command of the cell management tool to import certificates for use in establishing secure connections to external services like AMQP and the VMware Cloud Director database.

Before it can make a secure connection to an external service, VMware Cloud Director must establish a valid chain of trust for that service by importing the service's certificates into its own truststore. To import trusted certificates to the cell's truststore, use a command with the following form:
cell-management-tool import-trusted-certificates options
Table 1. Cell Management Tool Options and Arguments, import-trusted-certificates Subcommand
Option Argument Description
--help (-h) None Provides a summary of available commands in this category.
--destination path name Full path name to the destination truststore. Defaults to /opt/vmware/vcloud-director/etc/certificates if not provided on the command line.
--destination-password string Password for the destination truststore. Defaults to the value of vcloud.ssl.truststore.password if not provided on the command line.
--destination-type keystore type Keystore type of the destination truststore. Can be JKS or JCEKS. Defaults to JCEKS.
--force None Overwrites the existing certificates in the destination truststore.
--source path name Full path name to source PEM file.

Importing Trusted Certificates

This example imports the certificates from /tmp/demo.pem to the VMware Cloud Director local keystore at /opt/vmware/vcloud-director/etc/certificates. VMware Cloud Director stores the keystore password in an encrypted format which the import-trusted-certificates command decrypts.
[root@cell1 /opt/vmware/vcloud–director/bin]# ./cell-management-tool import-trusted-certificates --source /tmp/demo.pem