vCloud Director requires a certificate on the device it uses to communicate with the other VMware products, as well as a certificate for the vCD website. The following steps install a wildcard certificate (referred to here as certificate.pfx).

  1. Convert pfx to pem: openssl pkcs12 -in certificate.pfx -out certificate.cer -nodes
  2. Obtain the private key from certificate.cer (cut and paste the private key to a new file, name it wildcard.key)
  3. Use the following command to recreate the pfx and set alias (PKCS12 keystore): openssl pkcs12 -export -in certificate.cer -inkey wildcard.key -name http -passout pass:password -out http.pfx
  4. Use the same certificate and key to create the consoleproxy pfx (PKCS12 keystore): openssl pkcs12 -export -in certificate.cer -inkey wildcard.key -name consoleproxy -passout pass:password -out consoleproxy.pfx
  5. Import the two PKCS12 keystores into a Java keystore using keytool:
    ./keytool -importkeystore -srckeystore http.pfx -srcstoretype PKCS12 -destkeystore CERTIFICATES.ks -deststoretype JCEKS -deststorepass password -srcalias http -destalias http -srcstorepass password
    ./keytool -importkeystore -srckeystore consoleproxy.pfx -srcstoretype PKCS12 -destkeystore CERTIFICATES.ks -deststoretype JCEKS -deststorepass password -srcalias consoleproxy -destalias consoleproxy -srcstorepass password
  6. Import the root certificate to the same keystore:
    ./keytool -importcert -alias root -file DigiCertHighAssuranceEVRootCA.crt -storetype JCEKS -keystore CERTIFICATES.ks -storepass password
  7. Import the Intermediate certificate to the same keystore:
    ./keytool -importcert -alias intermediate -file DigiCertHighAssuranceCA-3.crt -storetype JCEKS -keystore CERTIFICATES.ks -storepass password
  8. Verify the CERTIFICATES.ks keystore:
    ./keytool -list -keystore CERTIFICATES.ks -storetype JCEKS -storepass password
  9. Provide the necessary permission:
    chown vcloud:vcloud /opt/vmware/vcloud-director/jre/bin/CERTIFICATES.ks
  10. Stop the VCD service: service vmware-vcd stop
  11. Run the configure command: /opt/vmware/vcloud-director/bin/configure
  12. When prompted for the certificate, point to the following: /opt/vmware/vcloud-director/jre/bin/CERTIFICATES.ks
  13. When prompted to start the cell, press y and Enter
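
Steps 3 and 4 only produce usable keystores if wildcard.key really is the key for the first certificate in certificate.cer. The following added example (not part of the original procedure; the function names are hypothetical) replaces the cut and paste in step 2 with `openssl pkey`, keeps the key file owner-only, and confirms the key matches the certificate before the keystores are built.

```shell
#!/bin/sh
# Added example (function names are hypothetical, not from the original page).
# Assumes certificate.cer is the PEM bundle written by step 1. Because step 1
# uses -nodes, the key inside it is unencrypted, so the extracted copy is
# created readable by its owner only.

# Print the public key of the first certificate in a PEM file.
cert_pubkey() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# Print the public key derived from a PEM private key.
key_pubkey() { openssl pkey -in "$1" -pubout 2>/dev/null; }

# Step 2 without cut and paste: copy the private key out of the bundle.
extract_key() {
    ( umask 077; openssl pkey -in "$1" -out "$2" 2>/dev/null ) && chmod 600 "$2"
}

# Succeed only when the certificate and the key hold the same public key.
# Empty output (unreadable file, no key found) counts as a failure.
key_matches_cert() {
    c=$(cert_pubkey "$1") || return 1
    k=$(key_pubkey "$2") || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Extract, then verify, so steps 3 and 4 never package a mismatched pair.
prepare_key() {
    extract_key "$1" "$2" && key_matches_cert "$1" "$2"
}

# Usage: sh prepare_key.sh certificate.cer wildcard.key
if [ "$#" -eq 2 ]; then
    if prepare_key "$1" "$2"; then
        echo "OK: $2 matches the first certificate in $1"
    else
        echo "FAILED: key missing or does not match the certificate" >&2
    fi
fi
```

The check compares against the first certificate in the bundle, which is the same one `openssl pkcs12 -export -in certificate.cer` uses in steps 3 and 4.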