When you install vCloud Director for Linux, you must create two certificates for each member of the server group and import the certificates into host keystores.
Note: You must create the certificates for the server group members only after installing vCloud Director on Linux. The vCloud Director appliance creates self-signed SSL certificates during its first boot.
- Log in to the vCloud Director server as root.
- List the IP addresses for the server.
Use a command, such as ifconfig, to discover this server's IP addresses.
- For each IP address, run the following command to retrieve the fully qualified domain name (FQDN) to which the IP address is bound.
- Make a note of each IP address and the FQDN associated with it. If you are not using a single IP address for both services, decide which IP address is for the HTTPS service and which is for the console proxy service.
You must provide the FQDNs when you create the certificates and the IP addresses when you configure the network and database connections. Make a note of any other FQDNs that can reach the IP address, because you must provide them if you want the certificate to include a Subject Alternative Name.
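The inventory from the steps above can be scripted. The following is an added example, not part of the VMware documentation. It assumes the iproute2 `ip` command and `getent` are available, and the function names and the `--run` switch are illustrative. It lists each non-loopback IPv4 address with the name the system resolver returns for it, and marks addresses that have no name so they are caught before certificates are created.

```shell
#!/bin/sh
# Added example (not from the vCloud Director documentation).
# Inventory this host's IPv4 addresses and the FQDN bound to each one,
# so the HTTPS and console proxy endpoints can be chosen and recorded.

# Read `ip -o -4 addr show` output on stdin and print one address per line,
# without the prefix length and without loopback addresses.
list_ipv4() {
    awk '$3 == "inet" { split($4, a, "/"); if (a[1] !~ /^127\./) print a[1] }'
}

# Reverse-resolve one address through the system resolver (/etc/hosts, DNS).
# Prints the first name returned, or nothing when no name is bound.
fqdn_for_ip() {
    getent hosts "$1" | awk 'NR == 1 { print $2 }'
}

# Read addresses on stdin and print "address<TAB>name" for each.
# An address without a name is reported as UNRESOLVED: fix DNS for it
# before creating a certificate that must carry its FQDN.
# RESOLVER (hypothetical override) lets another lookup function be swapped in.
inventory() {
    while read -r addr; do
        name=$("${RESOLVER:-fqdn_for_ip}" "$addr")
        printf '%s\t%s\n' "$addr" "${name:-UNRESOLVED}"
    done
}

# Run against the live host only when asked to: sh script.sh --run
if [ "${1:-}" = "--run" ]; then
    ip -o -4 addr show | list_ipv4 | inventory
fi
```

Compare each reported name with what you expect for the HTTPS and console proxy services; any other FQDNs that reach the same address are not found by a reverse lookup and must be noted separately.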
What to do next
Note: CA-signed certificates provide the highest level of trust.
- For information on creating and importing CA-signed SSL certificates, see Create a CA-Signed SSL Certificate Keystore for vCloud Director on Linux.
- For information on creating self-signed SSL certificates, see Create Self-Signed SSL Certificates for vCloud Director on Linux.
- For information on importing your own private key and CA-signed certificate files, see Import Private Keys and CA-Signed SSL Certificates.