Use the certificates command of the cell management tool to replace SSL certificates for the HTTPS endpoint.
Starting with VMware Cloud Director 10.4, the console proxy uses the same endpoint as the REST API. VMware Cloud Director 10.4.1 and later do not support the legacy implementation of the console proxy feature. In VMware Cloud Director 10.4, you can enable the LegacyConsoleProxy feature from the Feature Flags settings menu under the Administration tab. If you enable the LegacyConsoleProxy feature, you can use the certificates command of the cell management tool to replace SSL certificates for the HTTPS and console proxy endpoints.
The certificates command of the cell management tool automates the process of replacing existing certificates with new ones stored in PEM format. Use the certificates command to replace self-signed certificates with signed ones or replace expiring certificates with new ones. To create signed certificates, see Create Self-Signed SSL Certificates for VMware Cloud Director on Linux.
cell-management-tool certificates options
Starting with VMware Cloud Director 10.4.1, --http and --consoleproxy are legacy flags. If you do not provide either of them, VMware Cloud Director reconfigures the HTTP certificates. You cannot import certificates by providing only --consoleproxy. You can import certificates by providing only --http. If you provide both --http and --consoleproxy, VMware Cloud Director ignores --consoleproxy and updates only the HTTP certificates.
Option | Argument | Description |
---|---|---|
--help (-h) | None | Provides a summary of available commands in this category. |
--config (-c) | full pathname to the cell's global.properties file | Defaults to $VCLOUD_HOME/etc/global.properties. |
--http (-j) | None | Replace the certificate file named certificates.pem and the private key file named certificates.key used by the HTTP endpoint. |
--consoleproxy (-p) | None | For VMware Cloud Director 10.4, if LegacyConsoleProxy is enabled, replace the certificate file named proxycertificates.pem and the private key file named proxycertificates.key used by the console proxy endpoint. |
--responses (-r) | full pathname to the cell's responses.properties file | Defaults to $VCLOUD_HOME/etc/responses.properties. |
--cert | cert-pathname | Full pathname to a PEM-encoded X.509 certificate. |
--key | key-pathname | Full pathname to a PEM-encoded PKCS #8 private key for the certificate referenced by the --cert argument. |
--key-password | key-password | Password for the private key referenced by the --key option. |
Replacing certificates
kpw
.
[root@cell1 /opt/vmware/vcloud-director/bin]# ./cell-management-tool certificates -j --cert /opt/vmware/vcloud-director/etc/user.http.pem --key /opt/vmware/vcloud-director/etc/user.http.key --key-password kpw
SSL configuration has been updated. You will need to restart the cell for changes to take effect.
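A pre-flight check for the files passed to --cert and --key, added here as an example and not part of the VMware documentation or tooling. It confirms that the certificate is PEM-encoded X.509, that the key is PKCS #8 rather than a PKCS #1 or SEC1 key, and that the two belong together. The helper names pem_kind and preflight and the KEYPW environment variable are assumptions, and the match step requires the openssl CLI.

```shell
#!/bin/sh
# Added example: pem_kind, preflight and KEYPW are hypothetical names.

# Print the PEM type of the first object in FILE, judged by its BEGIN line.
# CR characters are stripped so files saved with CRLF endings still classify.
pem_kind() {
    [ -r "$1" ] || { echo unknown; return 0; }
    case "$(tr -d '\r' < "$1" | sed -n '/^-----BEGIN /{p;q;}')" in
        '-----BEGIN CERTIFICATE-----')           echo x509 ;;
        '-----BEGIN PRIVATE KEY-----')           echo pkcs8 ;;
        '-----BEGIN ENCRYPTED PRIVATE KEY-----') echo pkcs8-encrypted ;;
        '-----BEGIN RSA PRIVATE KEY-----'|'-----BEGIN EC PRIVATE KEY-----')
                                                 echo legacy-key ;;
        *)                                       echo unknown ;;
    esac
}

# preflight CERT KEY
# Returns 0 if the pair is fit to import, 1 for a bad certificate file,
# 2 for a bad or non-PKCS #8 key file, 3 if the key does not match.
# For an encrypted key the password is read from $KEYPW, not from argv.
preflight() {
    cert=$1 key=$2
    [ "$(pem_kind "$cert")" = x509 ] ||
        { echo "cert: not a PEM X.509 certificate" >&2; return 1; }
    case "$(pem_kind "$key")" in
        pkcs8)           pass= ;;
        pkcs8-encrypted) pass=1 ;;
        legacy-key)      echo "key: PKCS #1/SEC1 PEM, not PKCS #8;" \
                              "convert with 'openssl pkcs8 -topk8'" >&2
                         return 2 ;;
        *)               echo "key: not a PEM private key" >&2; return 2 ;;
    esac
    # The public key in the certificate must equal the one derived from the key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey) || return 3
    key_pub=$(openssl pkey -in "$key" -pubout ${pass:+-passin env:KEYPW}) ||
        return 3
    [ "$cert_pub" = "$key_pub" ] ||
        { echo "certificate and private key do not match" >&2; return 3; }
    echo "ok: $cert matches $key"
}

# Run as: KEYPW=... sh preflight.sh CERT KEY
if [ "$#" -ge 2 ]; then preflight "$1" "$2"; fi
```

A non-zero exit means the pair should be fixed before running the certificates command.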