Use the import-trusted-certificates command of the cell management tool to import certificates for use in establishing secure connections to external services like AMQP and the vCloud Director database.
Before it can make a secure connection to an external service, vCloud Director must establish a valid chain of trust for that service by importing the service's certificates into its own truststore. To import trusted certificates to the cell's truststore, use a command with the following form:
cell-management-tool import-trusted-certificates options
|--help (-h)||None||Provides a summary of available commands in this category.|
|--destination||path name||Full path name to the destination truststore. Defaults to /opt/vmware/vcloud-director/etc/certificates if not provided on the command line.|
|--destination-password||string||Password for the destination truststore. Defaults to the value of
|--destination-type||keystore type||Keystore type of the destination truststore. Can be JKS or JCEKS. Defaults to JCEKS.|
|--force||None||Overwrites the existing certificates in the destination truststore.|
|--source||path name||Full path name to source PEM file.|
Importing Trusted Certificates
This example imports the certificates from /tmp/demo.pem to the vCloud Director local keystore at /opt/vmware/vcloud-director/etc/certificates. vCloud Director stores the keystore password in an encrypted format which the import-trusted-certificates command decrypts.
[root@cell1 /opt/vmware/vcloud–director/bin]# ./cell-management-tool import-trusted-certificates --source /tmp/demo.pem