You can update the digital certificates for the OpenStack services in your deployment.

The certificates that you add must be signed by a certificate authority (CA) and created from a certificate signing request (CSR) generated by VMware Integrated OpenStack. There is no support for using wildcard certificates.
Note:

If you want public CA to sign VMware Integrated OpenStack certificate, you must call VMware GSS for detailed steps.

Procedure

  1. Log in to the Integrated OpenStack Manager as the root user.
    ssh root@mgmt-server-ip
  2. Run the viocli create csr command to generate certificate signing requests for the desired services.
    viocli create csr [-c country-name] [-t state-name] [-l city-name] [-n org-name] [-u org-unit] -s vio [-d output-directory]

    For command syntax, see viocli create Command.

  3. Use the generated CSRs to obtain certificate from a CA.
  4. Transfer the certificate, CAs root certificate and all intermediate CA certificates to a directory on the Integrated OpenStack Manager.
  5. Run the viocli import certificate command to import the certificates into VMware Integrated OpenStack.
    viocli import certificate -d cert-directory
  6. Restart the OpenStack services for the new certificate.
    viocli stop services
    viocli start services

Results

You can see the newly imported certificate in your deployment. To view the current certificate, run the viocli get certificates -s vio. For more information about adding certificates, see KB 78050.