Use the import-trusted-certificates command of the cell management tool to import certificates for use in establishing secure connections to external services like AMQP and the vCloud Director database.

Before it can make a secure connection to an external service, vCloud Director must establish a valid chain of trust for that service by importing the service's certificates into its own truststore. To import trusted certificates to the cell's truststore, use a command with the following form:

cell-management-tool import-trusted-certificates options

Table 1. Cell Management Tool Options and Arguments, import-trusted-certificates Subcommand

| Option | Argument | Description |
|---|---|---|
| --help (-h) | None | Provides a summary of available commands in this category. |
| --destination | path name | Full path name to the destination truststore. Defaults to /opt/vmware/vcloud-director/jre/lib/security/cacerts if not provided on the command line. |
| --destination-password | string | Keystore password for the keystore in --destination. If --destination is omitted or set to the default JRE keystore (/opt/vmware/vcloud-director/jre/lib/security/cacerts), the password defaults to changeit if not provided on the command line. |
| --destination-type | keystore type | One of JKS, JCEKS (default) |
| --force | None | Overwrite any existing certificate in --destination. |
| --private-key-path | | Absolute path of private key that has had its public key added to the authorized_keys of other cells in the server group. When you use this option and the --source path name is accessible by all cells, the specified certificate is imported into all cells in the server group. |
| --source | path name | Full path name to source PEM file. |

Importing Trusted Certificates

This example imports the certificates found at /tmp/demo.pem to the system's default keystore. Because the --destination option specifies the default keystore for the system JRE and the keystore password is not supplied on the command line, the system uses the default password defined by the system JRE.

[root@cell1 /opt/vmware/vcloud-director/bin]# ./cell-management-tool import-trusted-certificates --source /tmp/demo.pem --destination /opt/vmware/vcloud-director/jre/lib/security/cacerts
Successfuly stored certificates in truststore.
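
Every certificate in the --source PEM file becomes a trust anchor for the cell, so it is worth listing what the file contains before running the import. The following is an added example, not part of the original documentation or of the cell management tool; the function name pem_bundle_report is hypothetical, and it assumes openssl and awk are installed on the host.

```shell
#!/bin/sh
# Added example: report on every certificate in a PEM bundle before it is
# passed to import-trusted-certificates --source.
# Usage (hypothetical helper): pem_bundle_report /tmp/demo.pem
pem_bundle_report() {
    bundle=$1
    [ -r "$bundle" ] || { echo "cannot read $bundle" >&2; return 2; }
    workdir=$(mktemp -d) || return 2

    # Split the bundle into one file per BEGIN/END CERTIFICATE block, so a
    # second or third certificate in the file is not silently overlooked.
    awk -v dir="$workdir" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = sprintf("%s/cert-%03d.pem", dir, n) }
        out != ""                     { print > out }
        /-----END CERTIFICATE-----/   { close(out); out = "" }
    ' "$bundle"

    count=0
    status=0
    for cert in "$workdir"/cert-*.pem; do
        [ -e "$cert" ] || break
        count=$((count + 1))
        echo "== certificate $count =="
        # Subject, issuer, expiry and SHA-256 fingerprint; compare the
        # fingerprint with one obtained from the service owner out of band.
        if ! openssl x509 -in "$cert" -noout -subject -issuer -enddate \
                -fingerprint -sha256; then
            echo "certificate $count does not parse" >&2
            status=1
        # -checkend 0 fails when the certificate has already expired.
        elif ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null; then
            echo "certificate $count is expired" >&2
            status=1
        fi
    done
    rm -rf "$workdir"

    [ "$count" -gt 0 ] || { echo "no certificates found in $bundle" >&2; return 1; }
    echo "total: $count"
    return "$status"
}
```

A non-zero return means the file is empty, unreadable, or holds a certificate that is expired or does not parse; the import should wait until that is resolved.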