Use the certificates command of the cell management tool to replace the cell's SSL certificates.
The certificates command of the cell management tool automates the process of replacing a cell's existing certificates with new ones stored in a JCEKS keystore. The certificates command helps you replace self-signed certificates with signed ones. To create a JCEKS keystore containing signed certificates, see Create a Self-Signed SSL Certificate in the vCloud Director Installation and Upgrade Guide.
cell-management-tool certificates options
|--help (-h)||None||Provides a summary of available commands in this category.|
|--config (-c)||full pathname to the cell's global.properties file||Defaults to $VCLOUD_HOME/etc/global.properties.|
|--httpks (-j)||None||Replace the keystore file named certificates used by the http endpoint.|
|--consoleproxyks (-p)||None||Replace the keystore file named proxycertificates used by the console proxy endpoint.|
|--responses (-r)||full pathname to the cell's responses.properties file||Defaults to$VCLOUD_HOME/etc/responses.properties.|
|--keystore (-k)||keystore-pathname||Full pathname to a JCEKS keystore containing the signed certificates. Deprecated -s short form replaced by -k.|
|--keystore-password (-w)||keystore-password||Password for the JCEKS keystore referenced by the --keystore option. Replaces deprecated -kspassword and --keystorepwd options.|
kspw. This example replaces the cell's existing http endpoint certificate with the one found in /tmp/my-new-certs.ks
[root@cell1 /opt/vmware/vcloud–director/bin]# ./cell-management-tool certificates -j -k /tmp/my-new-certs.ks -w kspw Certificate replaced by user specified keystore at /tmp/new.ks. You will need to restart the cell for changes to take effect.