vCloud Director uses SSL to secure communications between clients and servers. Before you install and configure a vCloud Director server group, you must create two certificates for each member of the group and import the certificates into host keystores.

About this task

Each vCloud Director server must support two different SSL endpoints. These endpoints can be separate IP addresses, or a single IP address with two different ports. Each endpoint requires its own SSL certificate. Certificates for both endpoints must include an X.500 distinguished name. Many certificate authorities recommend including an X.509 Subject Alternative Name extension in certificates they grant. vCloud Director does not require certificates to include a Subject Alternative Name.

Procedure

  1. List the IP addresses for this server.

    Use a command like ifconfig to discover this server's IP addresses.

  2. For each IP address, run the following command to retrieve the fully qualified domain name to which the IP address is bound.
    nslookup ip-address
  3. Make a note of each IP address, the fully qualified domain name associated with it, and whether vCloud Director should use the address for the HTTP service or the console proxy service.

    You need the fully qualified domain names when you create the certificates, and the IP addresses when you configure network and database connections. If the IP address can be reached by other fully qualified domain names, make a note of those too, since you will need to supply them if you want the certificate to include a Subject Alternative Name.

  4. Create the certificates.

    You can use certificates signed by a trusted certification authority, or self-signed certificates.

    Note:

    Certificates signed by a trusted certification authority provide the highest level of trust.
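
The worksheet from steps 1 through 3 can be scripted. The following is an added example, not part of the original procedure: it records each endpoint's role, IP address, primary fully qualified domain name and any additional names for a Subject Alternative Name. The role labels, the `LOOKUP` variable, the function names and the sample addresses and host names are assumptions made for the example.

```shell
#!/bin/sh
# Added example: build the step 3 worksheet (role, IP, FQDN, extra names).
# LOOKUP is the resolver command. The default is a constructed stand-in so
# the script runs offline; set LOOKUP=nslookup on the real server.
LOOKUP=${LOOKUP:-sample_lookup}

# Constructed nslookup-style output for two documentation addresses.
sample_lookup() {
  case "$1" in
    192.0.2.10) printf '10.2.0.192.in-addr.arpa\tname = vcd1.example.com.\n'
                printf '10.2.0.192.in-addr.arpa\tname = cloud.example.com.\n' ;;
    192.0.2.11) printf '11.2.0.192.in-addr.arpa\tname = vcd1-proxy.example.com.\n' ;;
    *) echo "** server cannot find $1: NXDOMAIN" ;;
  esac
}

# Print every FQDN bound to an IP, one per line, trailing dot removed.
ptr_names() {
  "$LOOKUP" "$1" 2>/dev/null | awk '/name = / { sub(/\.$/, "", $NF); print $NF }'
}

# Emit "role|ip|primary-fqdn|other-fqdns"; fail if the IP has no name,
# because the certificate for that endpoint needs one.
endpoint_record() {
  role=$1
  ip=$2
  names=$(ptr_names "$ip")
  [ -n "$names" ] || { echo "no FQDN for $ip ($role)" >&2; return 1; }
  primary=$(printf '%s\n' "$names" | head -n 1)
  others=$(printf '%s\n' "$names" | tail -n +2 | paste -sd, -)
  printf '%s|%s|%s|%s\n' "$role" "$ip" "$primary" "$others"
}

# The two endpoints must differ by IP address or by port.
endpoints_distinct() {
  [ "$1:$2" != "$3:$4" ]
}

endpoint_record http 192.0.2.10
endpoint_record consoleproxy 192.0.2.11
```

The fourth field lists the other names that reach the same address, which are the ones to supply if the certificate is to include a Subject Alternative Name.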