To establish a secure network connection to the vCloud Usage Meter Web interface, you must install a CA-signed SSL certificate on the vCloud Usage Meter appliance.

After you deploy vCloud Usage Meter, the appliance generates a self-signed SSL certificate. When you access the vCloud Usage Meter Web interface over HTTPS for the first time, you are prompted to manually trust the self-signed certificate.

You can secure the connection to vCloud Usage Meter by replacing the vCloud Usage Meter self-signed certificate with a CA-signed SSL certificate.

To obtain a CA-signed certificate and private key, you must generate a certificate signing request that is passed to the certificate authority to generate the official certificate.

Prerequisites

  • You can log in to the to the vCloud Usage Meter console as usagemeter.
  • You can log in to the to the vCloud Usage Meter console as root.
  • From the certificate authority, obtain the usagemeter.key file containing the private key and the usagemeter.crt file containing the signed certificate. Both files must be in PEM format.

Procedure

  1. Log in to the vCloud Usage Meter console as usagemeter.
  2. Enable SSH on the appliance. 
    su root -c "systemctl enable sshd"
  3. Enter the root password.
  4. Start the SSH service on the appliance. 
    su root -c "systemctl start sshd"
  5. Enter the root password.
  6. Copy the usagemeter.key and the usagemeter.crt files to the tmp folder on the vCloud Usage Meter console.
    You can use a SCP software like WinSCP on Windows.
  7. Enter the conf folder. 
    cd /opt/vmware/cloudusagemetering/conf
  8. Create a nginx/ssl directory to store the private key and the signed certificate files. 
    mkdir nginx
    mkdir nginx/ssl
  9. Move the private key and certificate files from the tmp folder to the nginx/ssl folder. 
    mv /tmp/usagemeter.crt nginx/ssl
    mv /tmp/usagemeter.key nginx/ssl
  10. Configure restrictive permissions for both files. 
    chmod 600 nginx/ssl/*
  11. Create a backup copy of the nginx.conf file. 
    cp nginx.conf nginx.conf.bak
  12. Add the CA-signed certificates in the nginx.conf file.
    1. Open the nginx.conf file for editing. 
      vi nginx.conf
    2. To add the certificate and the private key, edit the following entries. 
      ssl_certificate nginx/ssl/usagemeter.crt
       ssl_certificate_key nginx/ssl/usagemeter.key
    3. Save the nginx.conf file. 
      :wq!
  13. Using the vSphere Client (HTML5), reboot the vCloud Usage Meter virtual machine.
    If the installation of the CA-signed SSL certificate on the vCloud Usage Meter appliance is successful, no security warning is displayed the next time you log in to the vCloud Usage Meter Web interface.