Self-signed certificates can provide a convenient way to configure SSL for vCloud Director in environments where trust concerns are minimal.
Each vCloud Director server requires two SSL certificates in a JCEKS keystore file, one for the HTTPS service and one for the console proxy service.
You use the cell-management-tool to create the self-signed SSL certificates. The cell-management-tool utility is installed on the cell before the configuration agent runs and after you run the installation file. See Install vCloud Director on the First Member of a Server Group.
- Log in directly or by using an SSH client to the OS of the vCloud Director server as root.
- Run the command to create a public and private key pair for the HTTPS service and for the console proxy service.
/opt/vmware/vcloud-director/bin/cell-management-tool generate-certs -j -p -o certificates.ks -w passwd
The command creates or updates a keystore at certificates.ks that has the password passwd. The cell-management-tool creates the certificates by using the command's default values. Depending on the DNS configuration of your environment, the Issuer CN is set to either the IP address or the FQDN for each service. The certificate uses the default 2048-bit key length and expires one year after creation.
Important: The keystore file and the directory in which it is stored must be readable by the user . The vCloud Director installer creates this user and group.
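To confirm that the keystore holds both certificates with the properties described above, the output of `keytool -list -v` can be summarised per entry. The script below is an added example, not part of the vCloud Director tooling; the alias names `http` and `consoleproxy` and the keytool line format (including the `Subject Public Key Algorithm` line that newer JDKs print) are assumptions, and the sample listing is constructed.

```shell
#!/bin/sh
# Added example: summarise `keytool -list -v` output for the keystore.
# Output, one line per entry: alias|self-signed|key-bits|not-after
summarize_keystore() {
    awk '
        function emit() {
            if (alias != "")
                printf "%s|%s|%s|%s\n", alias, (owner == issuer ? "yes" : "no"), bits, until
            alias = owner = issuer = until = ""; bits = "?"
        }
        BEGIN { bits = "?" }
        /^Alias name: /  { emit(); alias = substr($0, 13) }
        /^Owner: /       { owner = substr($0, 8) }
        /^Issuer: /      { issuer = substr($0, 9) }
        /^Valid from: /  { until = $0; sub(/^.* until: /, "", until) }
        /^Subject Public Key Algorithm: / { bits = $5; sub(/-bit$/, "", bits) }
        END { emit() }
    '
}

# Fails if either expected entry is absent. The alias names http and
# consoleproxy are an assumption; they do not appear on this page.
check_vcd_keystore() {
    summary=$(summarize_keystore)
    for a in http consoleproxy; do
        printf '%s\n' "$summary" | grep -q "^$a|" ||
            { echo "missing alias: $a" >&2; return 1; }
    done
    printf '%s\n' "$summary"
}

# Constructed sample of keytool output (abridged, not a real certificate).
sample_listing() {
    cat <<'EOF'
Alias name: consoleproxy
Entry type: PrivateKeyEntry
Owner: CN=vcd-cell.example.com
Issuer: CN=vcd-cell.example.com
Valid from: Wed Mar 05 10:00:00 UTC 2025 until: Thu Mar 05 10:00:00 UTC 2026
Subject Public Key Algorithm: 2048-bit RSA key

Alias name: http
Entry type: PrivateKeyEntry
Owner: CN=vcd-cell.example.com
Issuer: CN=vcd-cell.example.com
Valid from: Wed Mar 05 10:00:00 UTC 2025 until: Thu Mar 05 10:00:00 UTC 2026
Subject Public Key Algorithm: 2048-bit RSA key
EOF
}
# Real use: keytool -list -v -storetype JCEKS -keystore certificates.ks | check_vcd_keystore
```

Omitting `-storepass` makes keytool prompt for the keystore password, which keeps it out of the shell history and process list.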
What to do next
Make note of the keystore path name. You need the keystore path name when you run the configuration script to create the network and database connections for the vCloud Director cell. See Configure the Network and Database Connections.