Use the import-trusted-certificates command of the cell management tool to import certificates for use in establishing secure connections to external services like AMQP and the vCloud Director database.

Before it can make a secure connection to an external service, vCloud Director must establish a valid chain of trust for that service by importing the service's certificates into its own truststore. To import trusted certificates to the cell's truststore, use a command with the following form:
cell-management-tool import-trusted-certificates options
Table 1. Cell Management Tool Options and Arguments, import-trusted-certificates Subcommand
Option Argument Description
--help (-h) None Provides a summary of available commands in this category.
--destination path name Full path name to the destination truststore. Defaults to /opt/vmware/vcloud-director/etc/certificates if not provided on the command line.
--destination-password string Password for the destination truststore. Defaults to the value of vcloud.ssl.truststore.password if not provided on the command line.
--destination-type keystore type Keystore type of the destination truststore. Can be JKS or JCEKS. Defaults to JCEKS.
--force None Overwrites the existing certificates in the destination truststore.
--source path name Full path name to source PEM file.

Importing Trusted Certificates

This example imports the certificates from /tmp/demo.pem to the vCloud Director local keystore at /opt/vmware/vcloud-director/etc/certificates. vCloud Director stores the keystore password in an encrypted format which the import-trusted-certificates command decrypts.
[root@cell1 /opt/vmware/vcloud–director/bin]# ./cell-management-tool import-trusted-certificates --source /tmp/demo.pem