After you deploy vCloud Usage Meter, the appliance generates a self-signed SSL certificate. When you access the vCloud Usage Meter Web interface over HTTPS for the first time, you are prompted to manually trust the self-signed certificate.
You can secure the connection to vCloud Usage Meter by replacing the vCloud Usage Meter self-signed certificate with by using an external or internal Certification Authority (CA) - signed certificate.
When running, all vCloud Usage Meter applications use the same keystore and CA certificate store. The NGINX certificates are updated on OS startup. Unless specifically noted, you can run commands on the vCloud Usage Meter console as usagemeter.
To allow remote interaction with the vCloud Usage Meter console, you can activate SSH or invoke the commands in a vSphere web console.
The vCloud Usage Meter appliance stores the certificates in a Java key store at /opt/vmware/cloudusagemetering/platform/security/keystore.
Import an Internal Certificate Authority (CA) - Signed Certificate
If you want to replace the vCloud Usage Meter certificate with a certificate signed by an internal Certificate Authority (CA), you must first import the CA to the vCloud Usage Meter appliance.
Prerequisites
- Verify that you have access to the vCloud Usage Meter console as usagemeter.
- Verify that you have access to the vCloud Usage Meter console as root.
Procedure
Install a Certificate Authority (CA) - Signed Certificate
To establish a secure network connection to the vCloud Usage Meter Web interface, you can install a CA-signed SSL certificate on the vCloud Usage Meter appliance.
To obtain a CA-signed certificate and private key, you must generate a certificate signing request. The certificate authority uses the request to generate the official certificate.
Prerequisites
- Verify that you have access to the vCloud Usage Meter console as usagemeter.
- From the certificate authority, obtain both the private key and the signed certificate. Both files must be in PEM format.
Procedure
Replace the Default Appliance Self-Signed SSL Certificate With a New Self-Signed Certificate
You can replace the default vCloud Usage Meter appliance self-signed certificate by generating and installing a new self-signed certificate.
Prerequisites
- Verify that you have access to the vCloud Usage Meter console as usagemeter.
- Verify that you have access to the vCloud Usage Meter console as root.
Procedure
Import a Certificate to the vCloud Usage Meter Appliance Keystore
If the instance you want to add for metering uses network and security configuration entities such as load balancer, proxy, or firewall, or you use proxy over HTTPS, you must import their certificates to the vCloud Usage Meter appliance keystore.
To import the certificate of a network and security configuration entity to the vCloud Usage Meter apliance keystore, you must obtain the password of the truststore. The password is located at /opt/vmware/cloudusagemetering/conf/env.properties.
Prerequisites
Verify that you have access to the vCloud Usage Meter appliance as usagemeter.
Verify that you have access to the vCloud Usage Meter appliance as root.