vCloud Director requires a certificate installed on the device it uses to communicate with the other VMware products, as well as a certificate for the vCD website. The following steps install a wildcard certificate (referred to here as certificate.pfx).
- Convert pfx to pem: openssl pkcs12 -in certificate.pfx -out certificate.cer -nodes
- Obtain the private key from certificate.cer (cut and paste the private key to a new file, name it wildcard.key)
- Use the following command to recreate the pfx and set alias (PKCS12 keystore): openssl pkcs12 -export -in certificate.cer -inkey wildcard.key -name http -passout pass:password -out http.pfx
- Use the same certificate and key to create the consoleproxy pfx (PKCS12 keystore): openssl pkcs12 -export -in certificate.cer -inkey wildcard.key -name consoleproxy -passout pass:password -out consoleproxy.pfx
- Import the two PKCS12 keystores into a Java keystore using keytool:
./keytool -importkeystore -srckeystore http.pfx -srcstoretype PKCS12 -destkeystore CERTIFICATES.ks -deststoretype JCEKS -deststorepass password -srcalias http -destalias http -srcstorepass password
./keytool -importkeystore -srckeystore consoleproxy.pfx -srcstoretype PKCS12 -destkeystore CERTIFICATES.ks -deststoretype JCEKS -deststorepass password -srcalias consoleproxy -destalias consoleproxy -srcstorepass password
- Import the root certificate to the same keystore:
./keytool -importcert -alias root -file DigiCertHighAssuranceEVRootCA.crt -storetype JCEKS -keystore CERTIFICATES.ks -storepass password
- Import the intermediate certificate to the same keystore:
./keytool -importcert -alias intermediate -file DigiCertHighAssuranceCA-3.crt -storetype JCEKS -keystore CERTIFICATES.ks -storepass password
- Verify the CERTIFICATES.ks keystore:
./keytool -list -keystore CERTIFICATES.ks -storetype JCEKS -storepass password
- Provide the necessary permission:
chown vcloud:vcloud /opt/vmware/vcloud-director/jre/bin/CERTIFICATES.ks
- Stop the VCD service: service vmware-vcd stop
- Run the configure command: /opt/vmware/vcloud-director/bin/configure
- When prompted for the certificate, point to the following: /opt/vmware/vcloud-director/jre/bin/CERTIFICATES.ks
- When prompted to start the cell, press y and Enter
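The verify step above only lists the keystore. The following added example (not part of the original post) parses `keytool -list` output and checks that the `http` and `consoleproxy` aliases are private key entries with the same fingerprint and that `root` and `intermediate` are trusted certificate entries. The function name, the sample listing and the same-fingerprint expectation are assumptions made for the example.

```shell
# Added example: checks `keytool -list` output for the entries built above.
# Assumption: http and consoleproxy share one fingerprint because both were
# created from the same wildcard certificate and key.

# Constructed sample listing (dates and fingerprints are made up).
SAMPLE_LIST='Keystore type: JCEKS
Keystore provider: SunJCE

Your keystore contains 4 entries

consoleproxy, Dec 22, 2013, PrivateKeyEntry,
Certificate fingerprint (SHA1): AA:01:02:03:04:05:06:07:08:09:0A:0B:0C:0D:0E:0F:10:11:12:13
http, Dec 22, 2013, PrivateKeyEntry,
Certificate fingerprint (SHA1): AA:01:02:03:04:05:06:07:08:09:0A:0B:0C:0D:0E:0F:10:11:12:13
intermediate, Dec 22, 2013, trustedCertEntry,
Certificate fingerprint (SHA1): BB:01:02:03:04:05:06:07:08:09:0A:0B:0C:0D:0E:0F:10:11:12:13
root, Dec 22, 2013, trustedCertEntry,
Certificate fingerprint (SHA1): CC:01:02:03:04:05:06:07:08:09:0A:0B:0C:0D:0E:0F:10:11:12:13'

# Reads a listing on stdin, prints one line per problem, returns 1 if any.
check_keystore_listing() {
    awk '
        # Entry line: "<alias>, <date>, <type>,". The date may contain commas,
        # so take the alias before the first comma and the type from the end.
        /(PrivateKeyEntry|trustedCertEntry),[ ]*$/ {
            alias = $0; sub(/,.*/, "", alias)
            type[alias] = ($0 ~ /PrivateKeyEntry/) ? "key" : "ca"
            last = alias; next
        }
        /^Certificate fingerprint/ && last != "" {
            fp[last] = $0; sub(/^[^:]*: */, "", fp[last]); last = ""
        }
        END {
            n = split("http consoleproxy", k, " ")
            for (i = 1; i <= n; i++) if (type[k[i]] != "key") {
                print "missing private key entry: " k[i]; bad = 1 }
            n = split("root intermediate", c, " ")
            for (i = 1; i <= n; i++) if (type[c[i]] != "ca") {
                print "missing trusted cert entry: " c[i]; bad = 1 }
            if (("http" in fp) && ("consoleproxy" in fp) &&
                fp["http"] != fp["consoleproxy"]) {
                print "http and consoleproxy fingerprints differ"; bad = 1 }
            exit bad + 0
        }'
}

# On the cell, pipe the verify step's keytool -list command into the function.
printf '%s\n' "$SAMPLE_LIST" | check_keystore_listing && echo "keystore OK"
```

Run the check after the verify step and before running configure, so a failed import is caught while the cell is still being prepared.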
Source: http://virtxpress.wordpress.com/2013/12/22/using-wildcard-certificates-in-vcloud-director/