Use the generate-certs command of the cell management tool to generate self-signed SSL certificates for the HTTP and Console Proxy endpoints.
Each vCloud Director server group must support two SSL endpoints: one for the HTTP service and another for the console proxy service. The HTTP service endpoint supports the vCloud Director Web Console and the vCloud API. The remote console proxy endpoint supports VMRC connections to vApps and VMs.
The generate-certs command of the cell management tool automates the Create a Self-Signed SSL Certificate procedure shown in the vCloud Director Installation and Upgrade Guide.
cell-management-tool generate-certs options
| Option | Argument | Description |
|---|---|---|
| --help (-h) | None | Provides a summary of available commands in this category. |
| --expiration (-x) | days-until-expiration | Number of days until the certificates expire. Defaults to 365. |
| --issuer (-i) | name=value [, name=value, ...] | X.509 distinguished name of the certificate issuer. Defaults to |
| --httpcert (-j) | None | Generate a certificate for the http endpoint. |
| --key-size (-s) | key-size | Size of key pair expressed as an integer number of bits. Defaults to 2048. Note that key sizes smaller than 1024 are no longer supported per NIST Special Publication 800-131A. |
| --keystore-pwd (-w) | keystore-password | Password for the keystore on this host. |
| --out (-o) | keystore-pathname | Full pathname to the keystore on this host. |
| --consoleproxycert (-p) | None | Generate a certificate for the console proxy endpoint. |
Creating Self-Signed Certificates
Both of these examples assume a keystore at /tmp/cell.ks that has the password kspw. This keystore is created if it does not already exist.
CN=Unknown. The certificate uses the default 2048-bit key length and expires one year after creation.
[root@cell1 /opt/vmware/vcloud-director/bin]# ./cell-management-tool generate-certs -j -p -o /tmp/cell.ks -w kspw
New keystore created and written to /tmp/cell.ks.
CN=Test, L=London, C=GB. The new certificate for the http connection has a 4096-bit key and expires 90 days after creation. The existing certificate for the console proxy endpoint is unaffected.
[root@cell1 /opt/vmware/vcloud-director/bin]# ./cell-management-tool generate-certs -j -o /tmp/cell.ks -w kspw -i "CN=Test, L=London, C=GB" -s 4096 -x 90
New keystore created and written to /tmp/cell.ks.
vcloud.vcloud. The vCloud Director installer creates this user and group.
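After running generate-certs, it is worth confirming that the keystore really holds an entry for each endpoint with the key size and issuer you asked for. The following is an added example, not part of the original documentation or of the cell management tool: it parses `keytool -list -v` output and flags missing endpoints or undersized keys. The alias names `http` and `consoleproxy`, the JCEKS store type, and the listing layout are assumptions, and the sample listing is constructed to mirror the two examples above.

```shell
#!/bin/sh
# Audit `keytool -list -v` output for the keystore written by generate-certs.
# Assumptions (not stated on the page): aliases "http" and "consoleproxy",
# JCEKS store type, and the keytool text layout shown in the sample. Real use:
#   keytool -list -v -storetype JCEKS -keystore /tmp/cell.ks | audit_keystore 2048

# Constructed sample listing, not output captured from a real cell.
sample_listing() {
cat <<'EOF'
Alias name: consoleproxy
Owner: CN=Unknown
Issuer: CN=Unknown
Valid from: Mon Jan 01 00:00:00 UTC 2024 until: Tue Dec 31 00:00:00 UTC 2024
Subject Public Key Algorithm: 2048-bit RSA key

Alias name: http
Owner: CN=Test, L=London, C=GB
Issuer: CN=Test, L=London, C=GB
Valid from: Mon Jan 01 00:00:00 UTC 2024 until: Sun Mar 31 00:00:00 UTC 2024
Subject Public Key Algorithm: 4096-bit RSA key
EOF
}

# audit_keystore MIN_BITS: reads a listing on stdin, prints one line per entry,
# returns non-zero if an endpoint entry is missing or a key is below MIN_BITS.
audit_keystore() {
    awk -v min="$1" '
        function emit() {
            if (alias == "") return
            verdict = (bits + 0 >= min + 0) ? "ok" : "WEAK"
            if (verdict == "WEAK") bad = 1
            printf "%s bits=%d self_signed=%s until=\"%s\" %s\n", alias, bits, (owner == issuer ? "yes" : "no"), until, verdict
            seen[alias] = 1
        }
        BEGIN { bad = 0 }
        /^Alias name: /  { emit(); alias = substr($0, 13); bits = 0; owner = issuer = until = "" }
        /^Owner: /       { owner = substr($0, 8) }
        /^Issuer: /      { issuer = substr($0, 9) }
        /^Valid from: /  { until = $0; sub(/^.* until: /, "", until) }
        /^Subject Public Key Algorithm: / { bits = $5; sub(/-bit.*/, "", bits) }
        END {
            emit()
            if (!("http" in seen))         { print "MISSING http"; bad = 1 }
            if (!("consoleproxy" in seen)) { print "MISSING consoleproxy"; bad = 1 }
            exit bad
        }'
}

sample_listing | audit_keystore 2048
```

Omitting `-storepass` in the real invocation makes keytool prompt for the keystore password instead of taking it from the command line.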