After you deploy vCloud Usage Meter, the appliance generates a self-signed SSL certificate. When you access the vCloud Usage Meter Web interface over HTTPS for the first time, you are prompted to manually trust the self-signed certificate.
You can secure the connection to vCloud Usage Meter by replacing the vCloud Usage Meter self-signed certificate with by using an external or internal Certification Authority (CA) - signed certificate.
When running, all vCloud Usage Meter applications use the same keystore and CA certificate store. The NGINX certificates are updated on OS startup. Unless specifically noted, you can run commands on the vCloud Usage Meter console as usagemeter.
To allow remote interaction with the vCloud Usage Meter console, you can activate SSH or invoke the commands in a vSphere web console.
The vCloud Usage Meter appliance stores the certificates in a Java key store at /opt/vmware/cloudusagemetering/platform/security/keystore.
The CA certificate key store is located at /opt/vmware/cloudusagemetering/platform/security/cacerts.
Import an Internal Certificate Authority (CA) - Signed Certificate for a vCloud Usage Meter Appliance with Enabled FIPS Mode
If you want to replace the vCloud Usage Meter certificate with a certificate signed by an internal Certificate Authority (CA), you must first import the CA to the vCloud Usage Meter appliance with enabled FIPS mode.
Prerequisites
- Verify that you have access to the vCloud Usage Meter console as usagemeter.
- Verify that FIPS is enabled for the vCloud Usage Meter appliance by navigating to .
Procedure
Import an Internal Certificate Authority (CA) - Signed Certificate for a vCloud Usage Meter Appliance with Deactivated FIPS Mode
If you want to replace the certificate of a vCloud Usage Meter appliance with deactivated FIPS mode with a certificate signed by an internal Certificate Authority (CA), you must first import the CA to the appliance.
Prerequisites
- Verify that you have access to the vCloud Usage Meter console as usagemeter.
- Verify that FIPS is deactivated for the vCloud Usage Meter appliance by navigating to .
Procedure
Install a Certificate Authority (CA) - Signed Certificate for a vCloud Usage Meter Appliance with Enabled FIPS Mode
To establish a secure network connection to the vCloud Usage Meter Web interface, you can install a CA-signed SSL certificate on the vCloud Usage Meter appliance with enabled FIPS mode.
To obtain a CA-signed certificate and private key, you must generate a certificate signing request. The certificate authority uses the request to generate the official certificate.
Prerequisites
- Verify that you have access to the vCloud Usage Meter console as usagemeter.
- From the certificate authority, obtain both the private key and the signed certificate. Both files must be in PEM format.
- Verify that FIPS is enabled for the vCloud Usage Meter appliance by navigating to .
Procedure
Install a Certificate Authority (CA) - Signed Certificate for a vCloud Usage Meter Appliance with Deactivated FIPS Mode
To establish a secure network connection to the vCloud Usage Meter Web interface, you can install a CA-signed SSL certificate on the vCloud Usage Meter appliance with deactivated FIPS mode.
To obtain a CA-signed certificate and private key, you must generate a certificate signing request. The certificate authority uses the request to generate the official certificate.
Prerequisites
- Verify that you have access to the vCloud Usage Meter console as usagemeter.
- From the certificate authority, obtain both the private key and the signed certificate. Both files must be in PEM format.
- Verify that FIPS is deactivated for the vCloud Usage Meter appliance by navigating to .
Procedure
Replace the Default Appliance Self-Signed SSL Certificate With a New Self-Signed Certificate for a vCloud Usage Meter appliance with enabled FIPS mode
You can replace the default self-signed certificate for a vCloud Usage Meter appliance with enabled FIPS mode by generating and installing a new self-signed certificate.
Prerequisites
- Verify that you have access to the vCloud Usage Meter console as usagemeter.
- Verify that FIPS is enabled for the vCloud Usage Meter appliance by navigating to .
Procedure
Replace the Default Appliance Self-Signed SSL Certificate With a New Self-Signed Certificate for a vCloud Usage Meter appliance with deactivated FIPS mode
You can replace the default self-signed certificate for a vCloud Usage Meter appliance with deactivated FIPS mode by generating and installing a new self-signed certificate.
Prerequisites
- Verify that you have access to the vCloud Usage Meter console as usagemeter.
- Verify that FIPS is deactivated for the vCloud Usage Meter appliance by navigating to .
Procedure
Import a Certificate to the vCloud Usage Meter Appliance Keystore when FIPS Mode is Enabled
If the instance you want to add for metering uses network and security configuration entities such as load balancer, proxy, or firewall, or you use proxy over HTTPS or SMTP over SSL/TLS, you must import their certificates to the vCloud Usage Meter appliance keystore.
To import the certificate of a network and security configuration entity to the vCloud Usage Meter apliance keystore, you must obtain the password of the truststore. The password is located at /opt/vmware/cloudusagemetering/conf/env.properties.
Prerequisites
- Verify that you have access to the vCloud Usage Meter appliance as usagemeter.
- Verify that FIPS is enabled for the vCloud Usage Meter appliance by navigating to .
Procedure
Import a Certificate to the vCloud Usage Meter Appliance Keystore when FIPS Mode is Deactivated
If the instance you want to add for metering uses network and security configuration entities such as load balancer, proxy, or firewall, or you use proxy over HTTPS or SMTP over SSL/TLS and FIPS is disabled for the appliance, you must import their certificates to the vCloud Usage Meter appliance keystore.
To import the certificate of a network and security configuration entity to the vCloud Usage Meter apliance keystore, you must obtain the password of the truststore. The password is located at /opt/vmware/cloudusagemetering/conf/env.properties.
Prerequisites
- Verify that you have access to the vCloud Usage Meter appliance as usagemeter.
- Verify that FIPS is deactivated for the vCloud Usage Meter appliance by navigating to .