vCloud Director uses SSL to secure communications between clients and servers. Before you install vCloud Director for Linux, you must create two certificates for each member of the server group and import the certificates into host keystores.
This procedure is required only for installing vCloud Director on Linux. The vCloud Director appliance creates a self-signed SSL certificate at first boot. After the appliance deployment, you can create and import a signed SSL certificate.
Each vCloud Director server must support two different SSL endpoints. These endpoints can be separate IP addresses, or a single IP address with two different ports. Each endpoint requires its own SSL certificate. Certificates for both endpoints must include an X.500 distinguished name. Many certificate authorities recommend including an X.509 Subject Alternative Name extension in certificates they grant. vCloud Director does not require certificates to include a Subject Alternative Name.
- List the IP addresses for this server.
Use a command like ifconfig to discover this server's IP addresses.
- For each IP address, run the following command to retrieve the fully qualified domain name to which the IP address is bound.
- Make a note of each IP address and the fully qualified domain name associated with it. Decide which IP address is for the HTTP service and which IP address is for the console proxy service.
You must provide the fully qualified domain names when you create the certificates, and the IP addresses when you configure the network and database connections. Also make a note of any other fully qualified domain names that can reach the IP address, because you must provide them if you want the certificate to include a Subject Alternative Name.
- Create the certificates.
You can use certificates signed by a trusted certification authority, or self-signed certificates.
Note: Signed certificates provide the highest level of trust.
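The notes this procedure asks for can be collected and checked in one pass. The following is an added example, not part of the vCloud Director documentation: it reverse-resolves each endpoint IP, keeps only fully qualified names that resolve back to that IP (so the name placed in the certificate matches what clients connect to), and lists the remaining names as Subject Alternative Name candidates. The role keys `http` and `consoleproxy`, the function names, and the sample addresses and host names are assumptions made for illustration.

```python
import socket

# Constructed sample records (documentation addresses) standing in for live DNS.
SAMPLE_PTR = {
    "192.0.2.10": ("vcd1.example.com", ["vcd.example.com", "vcd1"], ["192.0.2.10"]),
    "192.0.2.11": ("vcd1-proxy.example.com", [], ["192.0.2.11"]),
}
SAMPLE_A = {"vcd1.example.com": ["192.0.2.10"], "vcd.example.com": ["192.0.2.10"],
            "vcd1-proxy.example.com": ["192.0.2.11"]}

# Offline stand-ins for socket.gethostbyaddr and socket.gethostbyname_ex.
def sample_rev(ip):
    if ip not in SAMPLE_PTR:
        raise socket.herror(1, "Unknown host")
    return SAMPLE_PTR[ip]

def sample_fwd(name):
    if name not in SAMPLE_A:
        raise socket.gaierror("Name or service not known")
    return (name, [], SAMPLE_A[name])

def reverse_names(ip, rev=socket.gethostbyaddr):
    """Every name the reverse lookup reports for ip, primary name first."""
    try:
        primary, aliases, _ = rev(ip)
    except OSError:  # socket.herror and socket.gaierror are OSError subclasses
        return []
    return [primary] + [a for a in aliases if a != primary]

def resolves_to(name, ip, fwd=socket.gethostbyname_ex):
    """True when name resolves forward to ip, so a certificate for name matches."""
    try:
        return ip in fwd(name)[2]
    except OSError:
        return False

def plan_endpoints(http_ip, proxy_ip, rev=socket.gethostbyaddr, fwd=socket.gethostbyname_ex):
    """Return {role: {ip, fqdn, san}}: the notes to carry into certificate creation."""
    plan = {}
    for role, ip in (("http", http_ip), ("consoleproxy", proxy_ip)):
        names = [n for n in reverse_names(ip, rev) if "." in n and resolves_to(n, ip, fwd)]
        if not names:
            raise ValueError(f"{ip}: no fully qualified name resolves back to this address")
        plan[role] = {"ip": ip, "fqdn": names[0], "san": names[1:]}
    return plan

if __name__ == "__main__":
    for role, note in plan_endpoints("192.0.2.10", "192.0.2.11", sample_rev, sample_fwd).items():
        print(role, note)
```

Calling `plan_endpoints` with only the two IP addresses uses the system resolver instead of the sample records.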