Adding a CA certificate to an edge gateway in VMware Cloud Director enables trust verification of SSL certificates that are presented to the edge gateway for authentication, typically the client certificates used in VPN connections to the edge gateway.

You usually add the root certificate of your company or organization as a CA certificate. A typical use is for SSL VPN, where you want to authenticate VPN clients using certificates. You distribute client certificates to the VPN clients, and when the clients connect, their client certificates are validated against the CA certificate.

Note: When adding a CA certificate, you typically configure a relevant Certificate Revocation List (CRL). The CRL protects against clients that present revoked certificates. See Add a Certificate Revocation List to an Edge Gateway Using Your VMware Cloud Director Tenant Portal.

Prerequisites

Verify that you have the CA certificate data in PEM format. In the user interface, you can either paste in the PEM data of the CA certificate or browse to a file that contains the data and that you can reach on your network from your local system.

Procedure

  1. Open Edge Gateway Services.
    1. In the top navigation bar, click Networking and click Edge Gateways.
    2. Select the edge gateway that you want to edit and click Services.
  2. Click the Certificates tab.
  3. Click CA certificate.
  4. Provide the CA certificate data.
    • If the data is in a PEM file on a system you can navigate to, click the Upload button to browse to the file and select it.
    • If you can copy and paste the PEM data, paste it into the CA Certificate (PEM format) field.

      Include the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines.

  5. (Optional) Enter a description.
  6. Click Keep.
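
The prerequisite (CA certificate data in PEM format) and the requirement in step 4 to include the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines can be checked before you paste or upload. The following is an added example, not VMware code: the names `preflight`, `der_length_ok` and `make_sample` are hypothetical, and the sample data is a constructed placeholder rather than a real certificate. It checks structure only (armor lines, base64 body, complete DER encoding, no private key pasted alongside) and does not establish that the certificate is a CA certificate or that it should be trusted.

```python
import base64
import re

# Any PEM block; the label is captured so that non-certificate blocks
# (for example a private key pasted by mistake) can be reported.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.DOTALL)

def der_length_ok(der: bytes) -> bool:
    """True if der is one ASN.1 SEQUENCE whose declared length fills the buffer."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    first = der[1]
    if first < 0x80:                      # short-form length
        return len(der) == 2 + first
    n = first & 0x7F                      # long form: n length octets follow
    if n == 0 or n > 4 or len(der) < 2 + n:
        return False
    return len(der) == 2 + n + int.from_bytes(der[2:2 + n], "big")

def preflight(pem_text: str) -> list:
    """Return a list of problems; an empty list means the data is well-formed."""
    problems = []
    blocks = PEM_BLOCK.findall(pem_text)
    certs = [body for label, body in blocks if label == "CERTIFICATE"]
    if not certs:
        problems.append("no BEGIN/END CERTIFICATE block found")
    for label, _ in blocks:
        if "PRIVATE KEY" in label:
            problems.append(f"contains a {label} block; provide only the certificate")
    for i, body in enumerate(certs, 1):
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except ValueError:
            problems.append(f"certificate {i}: body is not valid base64")
            continue
        if not der_length_ok(der):
            problems.append(f"certificate {i}: decoded data is not a complete DER SEQUENCE")
    return problems

def make_sample(payload: bytes = b"\x02\x01\x01" * 20) -> str:
    """Constructed placeholder: a DER SEQUENCE in PEM armor, not a real certificate."""
    der = b"\x30" + bytes([len(payload)]) + payload   # payload must be < 128 bytes
    b64 = base64.b64encode(der).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "-----BEGIN CERTIFICATE-----\n" + "\n".join(lines) + "\n-----END CERTIFICATE-----\n"
```

Run `preflight` on the text you intend to paste; a truncated copy or a missing armor line shows up as a named problem instead of a failed upload.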

Results

The CA certificate with type CA Certificate appears in the on-screen list. This CA certificate is now available for you to specify when you configure the VPN-related settings of the edge gateway.