If you have your own private key and CA-signed certificate files, importing them into your VMware Cloud Director environment provides the highest level of trust for SSL communications and helps you secure the connections within your cloud infrastructure.


Copy your intermediate certificates, root CA certificate, CA-signed HTTPS service, and Console Proxy service private keys and certificates to the appliance.


  1. Log in directly or by using an SSH client to the VMware Cloud Director appliance console as root.
  2. Run the commands to back up the existing certificate files.
    cp /opt/vmware/vcloud-director/etc/user.http.pem /opt/vmware/vcloud-director/etc/user.http.pem.original
    cp /opt/vmware/vcloud-director/etc/user.http.key /opt/vmware/vcloud-director/etc/user.http.key.original
    cp /opt/vmware/vcloud-director/etc/user.consoleproxy.pem /opt/vmware/vcloud-director/etc/user.consoleproxy.pem.original
    cp /opt/vmware/vcloud-director/etc/user.consoleproxy.key /opt/vmware/vcloud-director/etc/user.consoleproxy.key.original
  3. If you have intermediate certificates, run the command to append the root CA-signed certificate and any intermediate certificates to the HTTP and console proxy certificates.
    cat intermediate-certificate-file-1.cer intermediate-certificate-file-2.cer root-CA-certificate.cer >> /opt/vmware/vcloud-director/etc/user.http.pem
    cat intermediate-certificate-file-1.cer intermediate-certificate-file-2.cer root-CA-certificate.cer >> /opt/vmware/vcloud-director/etc/user.consoleproxy.pem

    Where intermediate-certificate-file-1.cer and intermediate-certificate-file-2.cer are the names of intermediate certificates and root-CA-certificate.cer is the name of the root CA-signed certificate.

  4. Run the command to import the signed certificates into the VMware Cloud Director instance.
    /opt/vmware/vcloud-director/bin/cell-management-tool certificates -j --cert /opt/vmware/vcloud-director/etc/user.http.pem --key /opt/vmware/vcloud-director/etc/user.http.key --key-password root_password
    /opt/vmware/vcloud-director/bin/cell-management-tool certificates -p --cert /opt/vmware/vcloud-director/etc/user.consoleproxy.pem --key /opt/vmware/vcloud-director/etc/user.consoleproxy.key --key-password root_password
  5. For the CA-signed certificates to take effect, restart the vmware-vcd service on the VMware Cloud Director appliance.
    1. Run the command to stop the service.
      /opt/vmware/vcloud-director/bin/cell-management-tool cell -i $(service vmware-vcd pid cell) -s
    2. Run the command to start the service.
      systemctl start vmware-vcd

What to do next