Use the import-trusted-certificates command of the cell management tool to import certificates for use in establishing secure connections to external services like AMQP and the vCloud Director database.

Before it can make a secure connection to an external service, vCloud Director must establish a valid chain of trust for that service by importing the service's certificates into its own truststore. To import trusted certificates to the cell's truststore, use a command with the following form:
cell-management-tool import-trusted-certificates options
Table 1. Cell Management Tool Options and Arguments, import-trusted-certificates Subcommand
Option Argument Description
--help (-h) None Provides a summary of available commands in this category.
--destination path name Full path name to the destination truststore. Defaults to /opt/vmware/vcloud-director/jre/lib/security/cacerts if not provided on the command line.
--destination-password string Keystore password for the keystore in --destination . If --destination is omitted or set to the default JRE keystore (/opt/vmware/vcloud-director/jre/lib/security/cacerts), the password defaults to changeit if not provided on the command line.
--destination-type keystore type One of JKS, JCEKS (default)
--force None Overwrite any existing certificate in --destination .
--private-key-path Absolute path of private key that has had its public key added to the authorized_keys of other cells in the server group. When you use this option and the --source path name is accessible by all cells, the specified certificate is imported into all cells in the server group.
--source path name Full path name to source PEM file.

Importing Trusted Certificates

This example imports the certificates found at /tmp/demo.pem to the system's default keystore. Because the --destination option specifies the default keystore for the system JRE and the keystore password is not supplied on the command line, the system uses the default password defined by the system JRE.
[root@cell1 /opt/vmware/vcloud–director/bin]# ./cell-management-tool import-trusted-certificates --source /tmp/demo.pem --destination /opt/vmware/vcloud-director/jre/lib/security/cacerts
Successfuly stored certificates in truststore.