After you generate a Certificate Signing Request (CSR) and obtain the CA-signed certificate based on that CSR, you can import the CA-signed certificate to use it by your edge gateway in VMware Cloud Director.

Prerequisites

Verify that you obtained the CA-signed certificate that corresponds to the CSR. If the private key in the CA-signed certificate does not match the one for the selected CSR, the import process fails.

Procedure

  1. Open Edge Gateway Services.
    1. From the top navigation bar, select Resources, and click the Cloud Resources tab.
    2. In the left panel, click Edge Gateways.
    3. Click the radio button next to the name of the target edge gateway, and click Services.
  2. Click the Certificates tab.
  3. Select the CSR in the on-screen table for which you are importing the CA-signed certificate.
  4. Import the signed certificate.
    1. Click Signed certificate generated for CSR.
    2. Provide the PEM data of the CA-signed certificate.
      • If the data is in a PEM file on a system you can navigate to, click the Upload button to browse to the file and select it.
      • If you can copy and paste the PEM data, paste it into the Signed Certificate (PEM format) field.

        Include the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines.

    3. (Optional) Enter a description.
    4. Click Keep.
      Note: If the private key in the CA-signed certificate does not match the one for the CSR you selected on the Certificates screen, the import process fails.

Results

The CA-signed certificate with type Service Certificate appears in the on-screen list.

What to do next

Attach the CA-signed certificate to your SSL VPN-Plus or IPsec VPN tunnels as required. See Configure SSL VPN Server Settings on an NSX Data Center for vSphere Edge Gateway Using the VMware Cloud Director Service Provider Admin Portal and Specify Global IPsec VPN Settings on an NSX Edge Gateway in the VMware Cloud Director Service Provider Admin Portal.