Self-signed certificates can provide a convenient way to configure SSL for VMware Cloud Director in environments where trust concerns are minimal.
Starting with VMware Cloud Director 10.4, both the console proxy traffic and HTTPS communications go over the default 443 port. You do not need a separate certificate for the console proxy.
For VMware Cloud Director 10.4, if you want to use the legacy implementation with a dedicated console proxy access point, you can enable the LegacyConsoleProxy feature from the Feature Flags settings menu under the Administration tab of the Service Provider Admin Portal. To enable the LegacyConsoleProxy feature, your installation or deployment must have console proxy settings configured in a previous version and transferred through a VMware Cloud Director upgrade. After enabling or deactivating the feature you must restart the cells. If you enable the legacy console proxy implementation, the console proxy must have a separate certificate. See the VMware Cloud Director 10.3 version of this document.
You use the cell-management-tool
to create the self-signed SSL certificates. The cell-management-tool
utility is installed on the cell before the configuration agent runs and after you run the installation file. See Install VMware Cloud Director on the First Member of a Server Group.
Procedure
What to do next
Make note of the certificate and private key path names. You need these path names when you run the configuration script to create the network and database connections for the VMware Cloud Director cell. See Configure the Network and Database Connections.