When you install VMware Cloud Director for Linux, you must create certificates for each member of the server group and import the certificates into host truststores.
Note: You must create the certificates for the server group members only after installing VMware Cloud Director on Linux. The VMware Cloud Director appliance creates self-signed SSL certificates during its first boot.
Procedure
- Log in to the VMware Cloud Director server as root.
- List the IP addresses for the server.
Use a command, such as ifconfig, to discover this server's IP addresses.
- For each IP address, run the following command to retrieve the fully qualified domain name (FQDN) to which the IP address is bound.
- Make a note of each IP address and the FQDN associated with it.
You must provide the FQDNs when you create the certificates and the IP addresses when you configure the network and database connections. Make a note of any other FQDNs that can reach the IP address, because you must provide them if you want the certificate to include a Subject Alternative Name.
Starting with VMware Cloud Director 10.4, the HTTPS service and the console proxy service use a single IP address. For VMware Cloud Director 10.4, if you enabled the legacy console proxy implementation and you are not using a single IP address for both services, decide which IP address is for the HTTPS service and which is for the console proxy service.
Note: VMware Cloud Director 10.4.1 and later do not support the legacy implementation of the console proxy feature.
What to do next
Create the certificates for the two endpoints. You can use certificates signed by a trusted certification authority (CA) or self-signed certificates.
Note: CA-signed certificates provide the highest level of trust.