If you have your own private key and CA-signed certificate files, importing them into your VMware Cloud Director environment provides the highest level of trust for SSL communications and helps you secure the connections within your cloud infrastructure.
Important: For certificates documentation for
VMware Cloud Director 10.5.1 and later, see
Certificate Management in the VMware Cloud Director Appliance 10.5.1 and Later. Starting with
VMware Cloud Director 10.5.1, the certificates command of the cell management tool is deprecated. The
certificates
command appears to work correctly, but after a cell restart, the changes are not in effect because the cell no longer reads the certificate files from the files on-disk. In version 10.5.1 and later,
VMware Cloud Director reads the certificates from the
Certificates Library.
Starting with VMware Cloud Director 10.4, both the console proxy traffic and HTTPS communications go over the default 443 port. You do not need a separate certificate for the console proxy.
Note:
VMware Cloud Director 10.4.1 and later do not support the legacy implementation of the console proxy feature.
Prerequisites
To verify that this is the relevant procedure for your environment needs, familiarize yourself with SSL Certificate Creation and Management of Your VMware Cloud Director Appliance.
- Copy your intermediate certificates, root CA certificate, CA-signed HTTPS service certificate to the appliance.
- Verify that the key and certificate you want to import are a PEM-encoded PKCS #8 private key and a PEM-encoded X.509 certificate.
Procedure
What to do next
- If you are using wildcard certificates, see Deploy Your VMware Cloud Director 10.5.0 Appliance with a Signed Wildcard Certificate for HTTPS Communication.
- If you are not using wildcard certificates, repeat this procedure on all VMware Cloud Director appliance cells in the server group.
- For more information on replacing the certificates for the embedded PostgreSQL database and for the VMware Cloud Director appliance management user interface, see Replace a Self-Signed Embedded PostgreSQL and VMware Cloud Director Appliance Management UI Certificate.