The NSX software in the vCloud Director environment provides the ability to use Secure Sockets Layer (SSL) certificates with the SSL VPN-Plus and IPsec VPN tunnels you configure for your edge gateways. If the edge gateway for your vCloud Director organization virtual datacenter has been converted to an advanced edge gateway, you can use the vCloud Director tenant portal to work with that edge gateway's certificates.

The edge gateways in your vCloud Director environment support self-signed certificates, certificates signed by a Certification Authority (CA), and certificates generated and signed by a CA. Using the tenant portal, you can generate certificate signing requests (CSRs), import the certificates, manage the imported certificates, and create certificate revocation lists (CRLs).

About Using Certificates with Your Organization Virtual Datacenter

You can manage certificates for the following networking areas in your vCloud Director organization virtual datacenter.

  • IPsec VPN tunnels between an organization virtual datacenter network and a remote network.

  • SSL VPN-Plus connections between remote users to private networks and web resources in your organization virtual datacenter.

  • An L2 VPN tunnel between two NSX edge gateways.

  • The virtual servers and pools servers configured for load balancing in your organization virtual datacenter

How to Use Client Certificates

You can create a client certificate through a CAI command or REST call. You can then distribute this certificate to your remote users, who can install the certificate on their web browser.

The main benefit of implementing client certificates is that a reference client certificate for each remote user can be stored and checked against the client certificate presented by the remote user. To prevent future connections from a certain user, you can delete the reference certificate from the security server's list of client certificates. Deleting the certificate denies connections from that user.