If you want to deployVMware Cloud Director appliance 10.4, see Deploy the VMware Cloud Director Appliance 10.4 with a Signed Wildcard Certificate for HTTPS Communication.

By default, when deploying VMware Cloud Director appliances, VMware Cloud Director generates self-signed certificates and uses them to configure the VMware Cloud Director cell for the HTTPS communication.

Starting with VMware Cloud Director 10.4, both the console proxy traffic and HTTPS communications go over the default 443 port. You do not need a separate certificate for the console proxy.

When you successfully deploy a primary appliance, the appliance configuration logic copies the responses.properties file from the primary appliance to the common NFS shared transfer service storage at /opt/vmware/vcloud-director/data/transfer. Other appliances deployed for this VMware Cloud Director server group use this file to configure themselves automatically. The responses.properties file includes a path to the SSL certificate and private key, which includes the auto-generated self-signed certificates user.certificate.path and private key user.key.path. By default, these paths are to PEM files which are local to each appliance.

After you deploy the primary appliance, you can reconfigure it to use signed certificates. For more information on creating the signed certificates, see Create and Import CA-Signed SSL Certificates for VMware Cloud Director Appliance 10.4.1 and Later.

If the signed certificates you use on the primary VMware Cloud Director appliance are wildcard signed certificates, these certificates can apply to all other appliances in the VMware Cloud Director server group, that is, standby cells and VMware Cloud Director application cells. You can use the deployment of the appliance with signed wildcard certificates for HTTPS communication to configure the additional cells with the signed wildcard SSL certificates.