Use the import-trusted-certificates command of the cell management tool to import certificates for use in establishing secure connections to external services like AMQP and the vCloud Director database.
Before it can make a secure connection to an external service, vCloud Director must establish a valid chain of trust for that service by importing the service's certificates into its own truststore. To import trusted certificates to the cell's truststore, use a command with the following form:
cell-management-tool import-trusted-certificates options
| Option | Argument | Description |
|---|---|---|
| --help (-h) | None | Provides a summary of available commands in this category. |
| --destination | path name | Full path name to the destination truststore. Defaults to /opt/vmware/vcloud-director/jre/lib/security/cacerts if not provided on the command line. |
| --destination-password | string | Keystore password for the keystore in --destination. If --destination is omitted or set to the default JRE keystore (/opt/vmware/vcloud-director/jre/lib/security/cacerts), the password defaults to |
| --destination-type | keystore type | One of JKS, JCEKS (default) |
| --force | None | Overwrite any existing certificate in --destination. |
| --private-key-path | Absolute path of private key that has had its public key added to the authorized_keys of other cells in the server group. | When you use this option and the --source path name is accessible by all cells, the specified certificate is imported into all cells in the server group. |
| --source | path name | Full path name to source PEM file. |
Importing Trusted Certificates
This example imports the certificates found at /tmp/demo.pem to the system's default keystore. Because the --destination option specifies the default keystore for the system JRE and the keystore password is not supplied on the command line, the system uses the default password defined by the system JRE.
[root@cell1 /opt/vmware/vcloud-director/bin]# ./cell-management-tool import-trusted-certificates --source /tmp/demo.pem --destination /opt/vmware/vcloud-director/jre/lib/security/cacerts
Successfuly stored certificates in truststore.
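Because every certificate in the --source file becomes a trust anchor for the cell (and, with --private-key-path, for every cell in the server group), it is worth checking the PEM file before running the import. The following is an added example, not part of the original documentation or of vCloud Director: it lists the SHA-256 fingerprint of each certificate block, flags anything that is not a certificate, and compares the result with fingerprints obtained out-of-band from the service owner. The function names and the sample bundle are assumptions made for illustration.

```python
import base64
import hashlib
import re

# Matches any PEM block and captures its label and base64 body.
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

def inspect_bundle(pem_text):
    """Return (sha256_fingerprints, problems) for a PEM file meant for --source."""
    fingerprints, problems = [], []
    for label, body in PEM_BLOCK.findall(pem_text):
        if label != "CERTIFICATE":
            # A truststore source should carry certificates only, never key material.
            problems.append(f"unexpected PEM block: {label}")
            continue
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except ValueError:
            problems.append("certificate block is not valid base64")
            continue
        fp = hashlib.sha256(der).hexdigest()
        if fp in fingerprints:
            problems.append(f"duplicate certificate: {fp}")
        else:
            fingerprints.append(fp)
    if not fingerprints:
        problems.append("no certificates found")
    return fingerprints, problems

def safe_to_import(pem_text, expected):
    """True only when the bundle holds exactly the expected certificates."""
    found, problems = inspect_bundle(pem_text)
    wanted = {e.replace(":", "").lower() for e in expected}
    problems += [f"not in expected set: {f}" for f in sorted(set(found) - wanted)]
    problems += [f"expected but absent: {f}" for f in sorted(wanted - set(found))]
    return not problems, problems

def make_pem(label, raw):
    """Wrap raw bytes in a PEM block (used only to build the constructed samples)."""
    return f"-----BEGIN {label}-----\n{base64.encodebytes(raw).decode()}-----END {label}-----\n"

# Constructed sample input: stand-in bytes, not real DER certificates or keys.
SAMPLE_CERT = b"constructed stand-in for the DER bytes of a service CA certificate"
SAMPLE_BUNDLE = make_pem("CERTIFICATE", SAMPLE_CERT) + make_pem("PRIVATE KEY", b"constructed")

if __name__ == "__main__":
    pinned = hashlib.sha256(SAMPLE_CERT).hexdigest()  # stands in for the out-of-band value
    print(safe_to_import(SAMPLE_BUNDLE, [pinned]))
```

The fingerprint is the SHA-256 digest of the DER encoding, so it can be compared directly with the value `openssl x509 -noout -fingerprint -sha256` reports for the same certificate; colon-separated upper-case input is accepted.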