In this article I will demonstrate how you can request and install a Wildcard SSL certificate from Let’s Encrypt on VMware Cloud Director 10.3.

The reason for writing this article is that the procedure for installing SSL certificates on VMware Cloud Director has changed in version 10.3.

Documentation

The following links to VMware Docs show the difference between Cloud Director 10.2 and Cloud Director 10.3:

Cloud Director 10.2

Importing SSL Certificates from External Services

Import Private Keys and CA-Signed SSL Certificates to the VMware Cloud Director Appliance

Cloud Director 10.3

Importing SSL Certificates from External Services

Import Private Keys and CA-Signed SSL Certificates to the VMware Cloud Director Appliance

So much for the official documentation; let’s get started!

Request a Let’s Encrypt Wildcard SSL Certificate

First, we need a new Wildcard SSL Certificate. In this example I will request a new Let’s Encrypt wildcard SSL Certificate which I will install on Cloud Director later.

Install Posh-ACME module

Start an administrative PowerShell session and execute the following commands:

Install-Module -Name Posh-ACME -Scope AllUsers
Set-ExecutionPolicy RemoteSigned -Scope CurrentUser -Force
Import-Module Posh-ACME
Set-PAServer https://acme-v02.api.letsencrypt.org/directory
Get-PAServer

Request the wildcard certificate

With the Posh-ACME module installed, we’re ready to request a Let’s Encrypt Wildcard Certificate.
Replace the domain and email information in the code below and execute the commands:

* Do not use a fake e-mail address; this address will be used for expiration notifications.

$certNames = '*.domain.nl','domain.nl'
$email = 'admin@domain.nl'  # placeholder: replace with your own e-mail address
New-PACertificate $certNames -AcceptTOS -Contact $email

Do not “press any key to continue” yet!
First we need to add the TXT records to our DNS zone.

Add TXT records to DNS

The next step is to create two TXT records on my domain’s DNS zone.
These two TXT records will be used to validate the domain name.

The following example shows my Siteground DNS Zone Editor.

Navigate back to the PowerShell window and press any key to continue.
The output will look like the following example:

Remove TXT records from DNS

The request has been completed and we are now able to remove the two TXT records.

We now have the requested certificate.

To access the certificate files, open Windows Explorer and go to the following location.
You will find all the needed certificate files in a subfolder that contains the name of your domain.

%LOCALAPPDATA%\Posh-ACME

Install the Wildcard Certificate in VMware Cloud Director 10.3

Prepare PEM file for installation

First, copy “fullchain.cer” and rename the copy to _your-domain.nl.PEM.

Upload the .PEM and the cert.key file to the /tmp folder of the Cloud Director cell using WinSCP.

Update the permissions of the files.
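Before importing, it is worth confirming on the cell that the uploaded PEM really is the full chain, that cert.key belongs to its first certificate, and that the wildcard name is present and not about to expire. The following is an added example, not part of the original article or of VMware's tooling; the function name check_cert_pair and its arguments are made up for illustration, and it assumes the openssl command-line tool is available on the cell.

```shell
#!/bin/sh
# Added example: sanity-check a PEM chain and key before importing them.
# usage: check_cert_pair <chain.pem> <private.key> <dns-name> [min-days-left]
check_cert_pair() {
    pem=$1; key=$2; name=$3; days=${4:-7}

    # The PEM must hold the leaf plus at least one issuer certificate,
    # i.e. it was made from the full chain and not from a leaf-only file.
    n=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$pem" 2>/dev/null) || n=0
    [ "$n" -ge 2 ] || { echo "FAIL: $pem holds $n certificate(s), expected a chain"; return 1; }

    # openssl x509 reads the first certificate in the file, which must be the leaf.
    # Derive the public key from both files; a mismatch means the wrong key was uploaded.
    cert_pub=$(openssl x509 -in "$pem" -noout -pubkey 2>/dev/null) \
        || { echo "FAIL: cannot parse $pem"; return 1; }
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) \
        || { echo "FAIL: cannot parse $key"; return 1; }
    [ "$cert_pub" = "$key_pub" ] \
        || { echo "FAIL: private key does not match the first certificate"; return 1; }

    # The requested name must be an exact SAN entry (fixed-string, whole-line match).
    openssl x509 -in "$pem" -noout -text 2>/dev/null | tr ',' '\n' | sed 's/^ *//' \
        | grep -Fxq "DNS:$name" \
        || { echo "FAIL: $name is not in the certificate's SAN list"; return 1; }

    # -checkend exits non-zero if the certificate expires within the given seconds.
    openssl x509 -in "$pem" -noout -checkend "$((days * 86400))" >/dev/null 2>&1 \
        || { echo "FAIL: certificate expires within $days day(s)"; return 1; }

    echo "OK: $pem and $key are consistent for $name"
}

# Run the check when the script is called with arguments, e.g.
#   sh check_cert_pair.sh /tmp/_your-domain.pem /tmp/cert.key '*.domain.nl'
if [ "$#" -ge 3 ]; then check_cert_pair "$@"; fi
```

Quote the wildcard name when calling the script so the shell does not expand the asterisk.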

Install certificate files on Cloud Director Cell

Connect to your Cloud Director cell via SSH and run the following commands (replace the name of the PEM file):

cd /opt/vmware/vcloud-director/bin
./cell-management-tool certificates -j --cert /tmp/_your-domain.pem --key /tmp/cert.key
./cell-management-tool certificates -p --cert /tmp/_your-domain.pem --key /tmp/cert.key
service vmware-vcd restart

Browse to the Cloud Director’s Provider Admin Portal and navigate to:
Administration > Settings > Public Addresses

Change the Web Portal public address as shown below.
I have not selected any certificate chain file, as those have already been installed.

Now, when you check the certificate in your browser, you will see that the Let’s Encrypt Wildcard SSL certificate is installed.
