After you update the vCloud Director certificate, you must configure all related components to work with the new certificate.

Procedure

  1. Update the vCloud Director certificate. For more information on how to create and import a signed SSL certificate, see the vCloud Director Installation and Upgrade Guide.
  2. Update the vCloud Director public endpoint configuration. For more information on how to customize public endpoints, see the vCloud Director Administrator's Guide.

    If you have not configured vCloud Director public endpoints, you can skip this step.

  3. To use the new certificate, update all Cloud Proxy hosts. For more information, see (Optional) Create Cloud Proxy.

    If the Cloud Proxy hosts use their own certificates and these certificates are not expiring, you can skip this step.

  4. Register the vCenter Server Lookup Service.
    1. Log in to the vCloud Director Web console.
    2. Unregister the vCenter Server Lookup Service.
    3. Disable SSO.
    4. Register the vCenter Server Lookup Service.
    5. Enable SSO.
  5. Create a trust for the vCloud Director certificate. For more information, see Create a Certificate Trust.
  6. Configure vSphere Replication Cloud Service host.

    Repeat this step for every vSphere Replication Cloud Service host.

    1. Create an SSH connection to the vSphere Replication Cloud Service host.
    2. Restart the hcs service by running the service hcs restart command.
    3. Verify that the hcs service starts successfully.

      Standard Command

      Command Using Registry

      # vcav hcs wait-for-extension \
      --hcs-address=$HCS_ADDRESS \
      --vcd-address=$VCD_ADDRESS \
      --vcd-user=$VCD_USER \
      --vcd-password-file=~/.ssh/.vcd \
      --sso-user=$SSO_USER \
      --sso-password-file=~/.ssh/.sso \
      # vcav hcs wait-for-extension \
      --hcs-address=$HCS_ADDRESS \
      --vcd=vcd-name

      If the hcs service starts successfully, the system displays an ОК message.

      If the system returns an error, or there is no output in 5 minutes, check the /opt/VMware/logs/hms/hcs.log file.

  7. Configure the vCloud Availability for vCloud Director Portal hosts to use the new vCloud Director certificate by running the following command.

    Standard Command

    Command Using Registry

    # vcav vcd-ui configure \
    --reconfigure \
    --ui-address=$UI01_ADDRESS \
    --vcd-address=vcd-address \
    --vcd-user=$VCD_USER \
    --vcd-password-file=~/.ssh/.vcd
    # vcav vcd-ui configure \
    --reconfigure \
    --ui-address=$UI_ADDRESS \
    --vcd=vcd-name

    The system returns an OK message, after the process finishes.

Results

You have successfully updated the vCloud Director certificate.

What to do next

If you are using a self-signed certificate and you change the certificate for the to-the-cloud endpoint, you must update the tenant vSphere Replication Appliance certificate. For more information, see Update the vSphere Replication Appliances to Trust the vCloud Director Self-Signed Certificate in a Development Environment . You must also reconnect to the cloud provider and accept the new certificate. For more information, see Configure Cloud Provider.