You can update the digital certificates for the OpenStack services in your deployment.

The certificates that you add must be signed by a certificate authority (CA) and created from a certificate signing request (CSR) generated by VMware Integrated OpenStack. Using wildcard certificates is not supported.

Procedure

  1. Log in to the Integrated OpenStack Manager as the root user. 
    ssh root@mgmt-server-ip
  2. Run the viocli create csr command to generate certificate signing requests for the desired services. 
    viocli create csr [-c country-name] [-t state-name] [-l city-name] [-n org-name] [-u org-unit] [-s service1,...] [-d output-directory]

    For command syntax, see viocli create Command.

  3. Use the generated CSRs to obtain certificates from a CA.
  4. Transfer the certificates to a directory on the Integrated OpenStack Manager.
  5. Run the viocli import certificate command to import the certificates into VMware Integrated OpenStack. 
    viocli import certificate -d cert-directory
  6. Restart OpenStack services to make the new certificates take effect. 
    viocli stop services
viocli start services

Results

The new certificates are imported into your deployment. You can run the viocli get certificates command to view the current certificate for each service.