Creating and importing signed SSL certificates for vCloud Director using keytool

To create and import signed SSL certificates:
  1. Create the certificate.
    • To create an untrusted certificate for the HTTP service host, run the command:keytool -keystore certificates.ks -storetype JCEKS -storepass passwd –genkey -alias http
    • To create a certificate signing request for the HTTP service, run the command:keytool -keystore certificates.ks -storetype JCEKS -storepass passwd –certreq -alias http -file http.csrNoteThis command creates a certificate signing request in the file http.csr.

       

    • To create an untrusted certificate for the console proxy service host, run the command:keytool -keystore certificates.ks -storetype JCEKS -storepass passwd -genkey -alias consoleproxy
    • To create a certificate signing request for the console proxy service, run the command:keytool -keystore certificates.ks -storetype JCEKS -storepass passwd -certreq –alias consoleproxy -file consoleproxy.csrNote: This command creates a certificate signing request in the file consoleproxy.csr.

       

  2. Send the certificate signing requests to your Certification Authority. You receive the SSL Certificates in an email.
  3. When you receive the signed certificates, import them into the keystore.
    • To import the Certification Authority’s root certificate into the keystore file, run the command:keytool -storetype JCEKS -storepass passwd -keystore certificates.ks -import –alias root -file root.cer
    • To import the Certification Authority’s intermediate certificates into the keystore file, run the command:keytool -storetype JCEKS -storepass passwd -keystore certificates.ks -import –alias intermediate -file intermediate.cer
    • To import the host-specific certificate for the HTTP service, run the command:keytool -storetype JCEKS -storepass passwd -keystore certificates.ks -import –alias http -file http.cer
    • To import the host-specific certificate for the console proxy service, run the command:keytool -storetype JCEKS -storepass passwd -keystore certificates.ks -import –alias consoleproxy -file consoleproxy.cer
  4. Verify that all the certificates have been imported, list the contents of the keystore file with the command:keytool -storetype JCEKS -storepass passwd -keystore certificates.ks -list

You may also like