Creating and importing CA-signed certificates provides the highest level of trust for SSL communications and helps you secure the connections within your cloud infrastructure.
Each VMware Cloud Director server must support two different SSL endpoints, one for HTTPS and one for console proxy communications.
The two endpoints can be separate IP addresses or a single IP address with two different ports. You can use the same certificate for both endpoints, for example, by using a wildcard certificate.
Certificates for both endpoints must include an X.500 distinguished name and X.509 Subject Alternative Name extension.
You can use certificates signed by a trusted certificate authority (CA) or self-signed certificates.
You use the cell-management-tool to create the self-signed SSL certificates. The cell-management-tool utility is installed on the cell before the configuration agent runs and after you run the installation file. See Install VMware Cloud Director on the First Member of a Server Group.
Prerequisites
- Download and install OpenSSL.
- For more details on the available options for the generate-certs command, see Generating Self-Signed Certificates for the HTTPS and Console Proxy Endpoints.
- For more details on the available options for the certificates command, see Replacing Certificates for the HTTPS and Console Proxy Endpoints.
Procedure
What to do next
- If you have not yet configured your VMware Cloud Director instance, run the configure script to import the certificates to VMware Cloud Director. See Configure the Network and Database Connections.
Note: If you created the cert.pem or cert.key certificate files on a computer other than the server on which you generated the list of fully qualified domain names and their associated IP addresses, copy the cert.pem and cert.key files to that server now. You need the certificate and private key path names when you run the configuration script.
- If you have already installed and configured your VMware Cloud Director instance, use the certificates command of the cell management tool to import the certificates. See Replacing Certificates for the HTTPS and Console Proxy Endpoints.
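
Before importing, you can confirm that the cert.pem and cert.key pair meets the requirements stated above: a distinguished name, a Subject Alternative Name extension that lists the endpoint names, and a matching private key. The following is an added example, not part of the VMware documentation or tooling; the function name check_endpoint_cert is hypothetical, and it assumes OpenSSL 1.1.1 or later and an unencrypted key file.

```shell
#!/bin/sh
# Added example: pre-import checks for an endpoint certificate and its key.
# Assumes OpenSSL 1.1.1 or later (for "x509 -ext") and an unencrypted key.
#
# Usage: check_endpoint_cert CERT KEY [FQDN_OR_IP ...]
# Returns 0 when every check passes, 1 otherwise.
check_endpoint_cert() {
    cert=$1; key=$2; shift 2
    rc=0

    # The certificate must parse and carry a non-empty distinguished name.
    subject=$(openssl x509 -in "$cert" -noout -subject -nameopt RFC2253 2>/dev/null) || {
        echo "FAIL: cannot parse certificate $cert"; return 1; }
    subject=$(printf '%s' "${subject#subject=}" | tr -d '[:space:]')
    [ -n "$subject" ] || { echo "FAIL: empty subject distinguished name"; rc=1; }

    # The Subject Alternative Name extension must be present. Split it into
    # one entry per line, for example "DNS:host" or "IP Address:192.0.2.10".
    san=$(openssl x509 -in "$cert" -noout -ext subjectAltName 2>/dev/null |
          tr ',' '\n' | sed 's/^[[:space:]]*//')
    if ! printf '%s\n' "$san" | grep -Eq '^(DNS|IP Address):'; then
        echo "FAIL: no DNS or IP entries in Subject Alternative Name"; rc=1
    fi

    # Every expected endpoint name must appear literally in the SAN.
    # Wildcards are not expanded: pass "*.example.test" to match that entry.
    for name in "$@"; do
        if ! printf '%s\n' "$san" | grep -Fxq -e "DNS:$name" -e "IP Address:$name"; then
            echo "FAIL: $name is not listed in Subject Alternative Name"; rc=1
        fi
    done

    # The private key must belong to the certificate: compare public keys.
    # "-passin pass:" makes an encrypted key fail instead of prompting.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) || key_pub=
    if [ -z "$key_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $key does not match $cert"; rc=1
    fi

    [ "$rc" -ne 0 ] || echo "OK: $cert and $key passed all checks"
    return "$rc"
}
```

Pass the certificate, the key, and each fully qualified domain name or IP address that the two endpoints use; a nonzero return status means the pair should not be imported as is.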