Creating and importing certificates signed by a certificate authority (CA) for your VMware Cloud Director appliance provides the highest level of trust for SSL communications and helps you secure the connections within your cloud.
Upon deployment, the VMware Cloud Director appliance generates self-signed certificates with a 2048-bit key size. You must evaluate your installation's security requirements before choosing an appropriate key size. Key sizes less than 1024 bits are no longer supported per NIST Special Publication 800-131A.
The private key password used in this procedure is the root user password, and it is represented as root_password.
Starting with VMware Cloud Director 10.4, both the console proxy traffic and HTTPS communications go over the default 443 port.
certificates command appears to work correctly, but after a cell restart, the changes are not in effect because the cell no longer reads the certificate files from disk. In version 10.5.1 and later, VMware Cloud Director reads the certificates from the Certificates Library.
Prerequisites
To verify that this is the relevant procedure for your environment needs, familiarize yourself with SSL Certificate Creation and Management of Your VMware Cloud Director Appliance.
Procedure
What to do next
- If you are using wildcard certificates, follow the Deploy Your VMware Cloud Director 10.5.0 Appliance with a Signed Wildcard Certificate for HTTPS Communication procedure so that any future appliance instances that you add to the cluster use the same wildcard signed certificates.
- Repeat this procedure on all VMware Cloud Director appliance instances in the server group.
- For more information on replacing the certificates for the embedded PostgreSQL database and for the VMware Cloud Director appliance management user interface, see Replace a Self-Signed Embedded PostgreSQL and VMware Cloud Director Appliance Management UI Certificate.