Use the generate-certs command of the cell management tool to generate new self-signed SSL certificates for the cell.
The generate-certs command of the cell management tool automates the Create a Self-Signed SSL Certificate procedure shown in the vCloud Director Installation and Upgrade Guide.
cell-management-tool generate-certs options
| Option | Argument | Description |
|---|---|---|
| --help (-h) | None | Provides a summary of available commands in this category. |
| --expiration (-x) | days-until-expiration | Number of days until the certificates expire. Defaults to 365. |
| --issuer (-i) | name=value [, name=value, ...] | X.509 distinguished name of the certificate issuer. Defaults to |
| --httpcert (-j) | None | Generate a certificate for the http endpoint. |
| --key-size (-s) | key-size | Size of key pair expressed as an integer number of bits. Defaults to 2048. Note that key sizes smaller than 1024 are no longer supported per NIST Special Publication 800-131A. |
| --keystore-pwd (-w) | keystore-password | Password for the keystore on this host. |
| --out (-o) | keystore-pathname | Full pathname to the keystore on this host. |
| --consoleproxycert (-p) | None | Generate a certificate for the console proxy endpoint. |
Creating Self-Signed Certificates
Both of these examples assume a keystore at /tmp/cell.ks that has the password kspw. This keystore is created if it does not already exist.
CN=Unknown. The certificate uses the default 2048-bit key length and expires one year after creation.
[root@cell1 /opt/vmware/vcloud-director/bin]# ./cell-management-tool generate-certs -j -p -o /tmp/cell.ks -w kspw
New keystore created and written to /tmp/cell.ks.
CN=Test, L=London, C=GB. The new certificate for the http connection has a 4096-bit key and expires 90 days after creation. The existing certificate for the console proxy endpoint is unaffected.
[root@cell1 /opt/vmware/vcloud-director/bin]# ./cell-management-tool generate-certs -j -o /tmp/cell.ks -w kspw -i "CN=Test, L=London, C=GB" -s 4096 -x 90
New keystore created and written to /tmp/cell.ks.
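After generating certificates, the issuer, key size and expiration described above can be checked by listing the keystore with keytool -list -v and auditing the result. The following is an added example, not part of the VMware documentation: it parses a constructed listing, and the alias names, the policy thresholds and the UTC time zone are assumptions.

```python
import re
from datetime import datetime, timezone

# Constructed `keytool -list -v` excerpt (not captured from a real cell).
# The alias names "http" and "consoleproxy" are assumed for illustration.
SAMPLE = """\
Alias name: http
Owner: CN=Test, L=London, C=GB
Issuer: CN=Test, L=London, C=GB
Valid from: Mon Jan 01 00:00:00 UTC 2024 until: Sun Mar 31 00:00:00 UTC 2024
Subject Public Key Algorithm: 4096-bit RSA key

Alias name: consoleproxy
Owner: CN=Unknown
Issuer: CN=Unknown
Valid from: Mon Jan 01 00:00:00 UTC 2024 until: Tue Dec 31 00:00:00 UTC 2024
Subject Public Key Algorithm: 2048-bit RSA key
"""

FIELDS = re.compile(r"^[ \t]*(Alias name|Owner|Issuer|Valid from|"
                    r"Subject Public Key Algorithm): (.+)$", re.M)

def parse_java_date(text):
    # "Sun Mar 31 00:00:00 UTC 2024": the zone token is assumed to be UTC.
    _, mon, day, clock, _, year = text.split()
    stamp = datetime.strptime(f"{mon} {day} {clock} {year}", "%b %d %H:%M:%S %Y")
    return stamp.replace(tzinfo=timezone.utc)

def audit(listing, now, min_bits=2048, warn_days=30):
    """Return {alias: [findings]} for each entry; thresholds are assumed policy."""
    report = {}
    for block in re.split(r"^(?=Alias name: )", listing, flags=re.M):
        f = dict(FIELDS.findall(block))
        if "Alias name" not in f:
            continue
        issues = []
        if f["Owner"] == f["Issuer"]:
            issues.append("self-signed")
        bits = int(re.match(r"(\d+)-bit", f["Subject Public Key Algorithm"]).group(1))
        if bits < min_bits:
            issues.append(f"weak key ({bits} bits)")
        days_left = (parse_java_date(f["Valid from"].split(" until: ")[1]) - now).days
        if days_left < 0:
            issues.append("expired")
        elif days_left <= warn_days:
            issues.append(f"expires in {days_left} days")
        report[f["Alias name"]] = issues
    return report
```

Calling audit(SAMPLE, datetime.now(timezone.utc)) on a real listing gives one list of findings per alias, which is a quick way to catch a 90-day test certificate that was left in place.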