If any members of your vCloud Director server group are using self-signed SSL certificates, you can upgrade them to signed SSL certificates to obtain a higher level of trust within your cloud.
You can use the vCloud Director configuration script to upgrade the SSL certificates on a vCloud Director server. When you run this script on a server that has already been configured, it validates the database connection details and prompts for SSL certificate information, but skips all the other configuration steps, so that the existing configuration is not modified.
Each vCloud Director server requires two SSL certificates, one for each of its IP addresses, in a Java keystore file. You must execute this procedure for each member of your vCloud Director server group. You can use signed certificates (signed by a trusted certification authority) or self-signed certificates. Signed certificates provide the highest level of trust.
This procedure requires you to stop vCloud Director services on each server for which you replace certificates. Stopping a server can have an impact on cloud operations.
- Have the following information available:
- Location and password of the keystore file that includes the SSL certificates for this server. See the vCloud Director Installation and Configuration Guide. The configuration script does not run with a privileged identity, so the keystore file and the directory in which it is stored must be readable by any user.
- Password for each SSL certificate.
- Log in to the target server as root.
- Stop vCloud Director services on the server.
- Run the configuration script on the server.
Open a console, shell, or terminal window, and type:
- Specify the full path to the Java keystore file that holds the new certificates.
Please enter the path to the Java keystore containing your SSL certificates and private keys:/opt/keystore/certificates.ks
- Enter the keystore and certificate passwords.
Please enter the password for the keystore: Please enter the private key password for the 'http' SSL certificate: Please enter the private key password for the 'consoleproxy' SSL certificate:
The configuration script replaces the certificates and re-starts vCloud Director services on the server.
What to do next
If you have acquired new certificates for any other members of the vCloud Director server group, use this procedure to replace the existing certificates on those servers