After using the vCloud Director tenant portal to generate a Certificate Signing Request (CSR) and obtaining the CA-signed certificate based on that CSR, you can import the CA-signed certificate to be used by your edge gateway.


For the ability to use the vCloud Director tenant portal to work with an edge gateway's settings, the edge gateway must have already been converted to an advanced edge gateway using the Convert to Advanced Gateway action on the edge gateway in the vCloud Director Web console. See the vCloud Director Administrator's Guide for details.

Verify that you have obtained the CA-signed certificate that corresponds to the CSR. If the private key in the CA-signed certificate does not match the one for the selected CSR, the import process fails.


  1. Launch the tenant portal using the following steps.
    1. Log in to the vCloud Director Web console and navigate to the edge gateway.
    2. Right-click the name of the edge gateway and click Edge Gateway Services in the context menu.

      The tenant portal opens in a new browser tab and displays the Edge Gateway screen for that edge gateway.

  2. Click the Certificates tab.
  3. Select the CSR in the on-screen table for which you are importing the CA-signed certificate.
  4. Import the signed certificate by performing the following steps:
    2. Provide the CA-signed certificate's PEM data using one of these methods:
      • If the data is in a PEM file on a system you can navigate to, click the import button to browse to the file and select it.

      • If you can copy and paste the PEM data, paste it into the Signed Certificate (PEM format) field. Include the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines.

    3. (Optional) Type an optional description.
    4. Click Keep.

      If the private key in the CA-signed certificate does not match the one for the CSR you selected on the Certificates screen, the import process fails.


The CA-signed certificate with type Service Certificate appears in the on-screen list.

What to do next

Attach the CA-signed certificate to your SSL VPN-Plus or IPsec VPN tunnels as required. See Configure SSL VPN Server Settings and Specify Global IPsec VPN Settings for information.