This section describes how to install an SSL certificate.

To install an SSL certificate:

1. Login into the VCO console. If you configured the VeloCloud Orchestrator as described here, you should be able to log into the virtual machine with the user name vcadmin and password that you defined when you created the cloud-init ISO).
2. Generate the VCO private key.
   Note: Do not encrypt the key. It must remain unencrypted on the VCO system.

   openssl genrsa -out server.key 2048

3. Generate a certificate request. Customize -subj according to your organization information.

   openssl req -new -key server.key -out
   server.csr -subj "/C=US/ST=California/L=Mountain View/O=Velocloud Networks
   Inc./OU=Development/CN=vco.velocloud.net" 

   Description of Subject fields:

   Field	Description
   C	country
   ST	state
   L	locality (city)
   O	company
   OU	department (optional)
   CN	VCO fully qualified domain name

4. Send server.csr to a Certificate Authority for signing. You should get back the SSL certificate (server.crt). Ensure that it is in the PEM format.
5. Install the certificate (which requires root access). VCO SSL certificates are located in /etc/nginx/velocloud/ssl/.

   cp server.key server.crt /etc/nginx/velocloud/ssl/
   chmod 600 /etc/nginx/velocloud/ssl/server.key

6. Restart nginx.

   Service nginx restart