In the VMware Cloud Director certificates library, you can import certificates used when creating entities that you must secure, such as servers, edge gateways, and so on.

The certificate library contains information about single certificates, certificate chains, private keys, certificate expiration dates, the entities that the certificates secure, and so on.

You must manage the certificate libraries separately for each site.

When using VMware Cloud Director in FIPS mode, you must use FIPS-compatible self-signed certificates and private keys. You can generate self-signed unencrypted certificates and private keys by using OpenSSL. If you generate self-signed certificates and private keys by using OpenSSL, the certificates and private keys are not FIPS-compatible. For more information about FIPS mode, see Activate FIPS Mode on the Cells in the Server Group or Activate or Deactivate FIPS Mode on the VMware Cloud Director Appliance.

Prerequisites

  • Verify that your role includes the Certificate Library: Manage right.
  • Verify that the private keys you want to use are in the PKCS#8 format. VMware Cloud Director does not support private keys generated with the Digital Signature Algorithm (DSA).

Procedure

  1. From the top navigation bar, select Administration.
  2. In the left panel, under Certificate Management, select Certificates Library and click Import.
  3. Enter a name, and optionally, a description for this certificate in the certificate library and click Next.
  4. Upload a PEM file containing the certificate chain that you want to import and click Next.
  5. (Optional) Upload a private key file.
    Your private key file might not be protected with a passphrase.
  6. Click Import.

Results

The imported certificate appears in the list of available certificates during the creation of entities that you must secure.

What to do next

  • Download a certificate.
  • Edit the name and description of a certificate.
  • Delete a certificate. You can delete only certificates that do not secure any entities.
  • Copy the certificate PEM data to the clipboard.