Use the certificates command of the cell management tool to replace SSL certificates for the HTTPS endpoint.

Starting with VMware Cloud Director 10.4, the console proxy uses the same endpoint as the REST API. You can enable the LegacyConsoleProxy feature from the Feature Flags settings menu under the Administration tab. If you enable the LegacyConsoleProxy feature, you can use the certificates command of the cell management tool to replace SSL certificates for the HTTPS and Console Proxy endpoints.

The certificates command of the cell management tool automates the process of replacing existing certificates with new ones stored in PEM format. Use the certificates command to replace self-signed certificates with signed ones or replace expiring certificates with new ones. To create signed certificates, see Create Self-Signed SSL Certificates for VMware Cloud Director on Linux.

To replace SSL certificates for one or both endpoints use a command with the following form:
cell-management-tool certificates options
Table 1. Cell Management Tool Options and Arguments, certificates Subcommand
Option Argument Description
--help (-h) None Provides a summary of available commands in this category.
--config (-c) full pathname to the cell's global.properties file Defaults to $VCLOUD_HOME/etc/global.properties.
--http (-j) None Replace the certificate file named certificates.pem and the private key file named certificates.key used by the http endpoint.
--consoleproxy (-p) None If LegacyConsoleProxy is enabled, replace the certificate file named proxycertificates.pem and the private key file named proxycertificates.key used by the console proxy endpoint.
--responses (-r) full pathname to the cell's responses.properties file Defaults to $VCLOUD_HOME/etc/responses.properties.
--cert cert-pathname Full pathname to a PEM-encoded X.509 certificate.
--key key-pathname Full pathname to a PEM-encoded PKCS #8 private key for the certificate referenced by the --cert argument.
--key-password key-password Password for the private key referenced by the --key option.

Replacing Certificates

You can omit the --config and --responses options unless those files were moved from their default locations. In this example, the cell's existing HTTP endpoint certificate and private key are replaced with those found in http.pem and http.key, which is protected with the password kpw.
[root@cell1 /opt/vmware/vcloud–director/data/transfer]# ./cell-management-tool certificates -j --cert http.pem --key http.key --key-password kpw
SSL configuration has been updated. You will need to restart the cell for changes to take effect.
Note: You must restart the cell after you replace the certificates.