After using the vCloud Director tenant portal to generate a Certificate Signing Request (CSR) and obtaining the CA-signed certificate based on that CSR, you can import the CA-signed certificate to be used by your edge gateway.

Prerequisites

To use the vCloud Director tenant portal to work with an edge gateway's settings, the edge gateway must be converted to an advanced edge gateway. You can do this on the edge gateway in the vCloud Director Web console or from the tenant portal. For details on performing this step from the tenant portal, see Convert an Edge Gateway to an Advanced Edge Gateway.

Verify that you have obtained the CA-signed certificate that corresponds to the CSR. If the private key in the CA-signed certificate does not match the one for the selected CSR, the import process fails.

Procedure

  1. Launch Edge Gateway Services by completing the following steps.
    1. Click Network > Edge Gateway.
    2. Select the edge gateway to edit, and click Configure Services.

      The tenant portal opens Edge Gateway Services.

  2. Click the Certificates tab.
  3. Select the CSR in the on-screen table for which you are importing the CA-signed certificate.
  4. Import the signed certificate by performing the following steps:
    1. Click + SIGNED CERTIFICATE GENERATED FOR CSR.
    2. Provide the CA-signed certificate's PEM data using one of these methods:
      • If the data is in a PEM file on a system you can navigate to, click the import button to browse to the file and select it.

      • If you can copy and paste the PEM data, paste it into the Signed Certificate (PEM format) field. Include the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines.

    3. (Optional) : Type an optional description.
    4. Click Keep.
      Note:

      If the private key in the CA-signed certificate does not match the one for the CSR you selected on the Certificates screen, the import process fails.

Results

The CA-signed certificate with type Service Certificate appears in the on-screen list.

What to do next

Attach the CA-signed certificate to your SSL VPN-Plus or IPsec VPN tunnels as required. See Configure SSL VPN Server Settings and Specify Global IPsec VPN Settings for information.