Skip to content

vBlog.nl

All about technology

Menu
  • Home
  • VMware Cloud Director
  • vSphere
  • Automation
    • PowerCLI
    • PowerShell
    • Terraform
  • NSX
  • Horizon DaaS
  • About Us
Menu
vCloud Director - interfaces_ports

Install public SSL certificates on vCloud Director 9.7

Posted on July 22, 2019

In this article I will explain how to install public SSL certificates on vCloud Director 9.7 appliances.

VMware points to this article to create and import a Signed SSL Certificate to the vCloud Director environment.
The difference here is that most of us already own a SSL certificate.
When this is the case, the mentioned article won’t be useful.

vCloud Director has two interfaces listing to your requests using different ports, therefore you need two SSL certificates.
I will not cover the installation of certificates on reverse proxies, Web Application Firewalls, etc. in this article, but should not be forgotten!

In this scenario we will use one Wildcard certificate to cover both ports.
In the drawing below you can see how the traffic reaches the diff

  • eth0 will be used for HTTP/HTTPS
  • eth1 will be used for Remote Console traffic
vCloud Director - interfaces_ports
vCloud Director – interfaces_ports

Table of Contents

  • Install public SSL certificates on primary vCloud Director 9.7 cell
  • Install on additional vCloud Director cells

Install public SSL certificates on primary vCloud Director 9.7 cell

Before we can start installing the SSL certificate to the first cell, we need to meet the following prerequisites:

  • Working vCloud Director 9.7 environment
  • SSL certificate in .PFX format (and of course the password!)
  • SSH access to the primary vCloud Director cell
  • Putty
  • WinSCP

Ok, let’s go!

  • Connect to the first cell using WinSCP
  • Navigate to the /tmp/ folder and upload the .PFX certificate

    Install wildcard SSL certificates on vCloud Director 9.7 - WinSCP - Upload PFX to TMP folder
    WinSCP – Upload PFX to TMP folder
  • When finished, connect via SSH to the Cell01 using your Putty client.
  • Run the following commands (make sure you change the VCD_ROOT_PASSWORD placeholder!)
# Stop vCloud Director services
service vmware-vcd stop
# Add the HTTP certificate to a new created certificates.ks keystore.
/opt/vmware/vcloud-director/jre/bin/keytool -keystore /tmp/certificates.ks -storepass VCD_KEYSTORE_PASSWORD -keypass VCD_KEYSTORE_PASSWORD -storetype JCEKS -importkeystore -srckeystore /tmp/star.vblog.nl.pfx
/opt/vmware/vcloud-director/jre/bin/keytool -keystore /tmp/certificates.ks -storetype JCEKS -changealias -alias 1 -destalias http
# Add the Remote Console Proxy certificate to a new created certificates.ks keystore.
/opt/vmware/vcloud-director/jre/bin/keytool -keystore /tmp/certificates.ks -storepass VCD_KEYSTORE_PASSWORD -keypass VCD_KEYSTORE_PASSWORD -storetype JCEKS -importkeystore -srckeystore /tmp/star.vblog.nl.pfx
/opt/vmware/vcloud-director/jre/bin/keytool -keystore /tmp/certificates.ks -storetype JCEKS -changealias -alias 1 -destalias consoleproxy
# Make a back-up of the existing keystore 
cd /opt/vmware/vcloud-director
cp certificates.ks certificates.ks.OLD 
# Copy the new keystore file to the vCloud Director environment
cp /tmp/certificates.ks /opt/vmware/vcloud-director/certificates.ks
# Update rights to the keystore file
chown vcloud:vcloud /opt/vmware/vcloud-director/certificates.ks
chmod -R 600 /opt/vmware/vcloud-director/certificates.ks
# Run the vCloud Director configuration script
/opt/vmware/vcloud-director/bin/configure
  • During the vCloud Director configuration script you need to enter IP’s, syslog server, etc.
  • Afterwards, vCloud Director services will be started with the public SSL certificate
  • Make sure your public endpoints are set correct in the vCloud Director admin portal
vCloud Director - Public endpoints
vCloud Director – Public endpoints

Install on additional vCloud Director cells

  • Connect to the next vCloud Director cell: Cell02
  • Run the following commands
# Stop vCloud Director services (only required if vCloud Director is already configured)
service vmware-vcd stop
# Update rights to the keystore file 
chown vcloud:vcloud /opt/vmware/vcloud-director/certificates.ks 
chmod -R 600 /opt/vmware/vcloud-director/certificates.ks
# Run the vCloud Director configuration script with response file
/opt/vmware/vcloud-director/bin/configure -r /opt/vmware/vcloud-director/data/transfer/responses.properties

  • After finishing the configuration script on Cell02, the vCloud Director services will be started

 

More vCloud Director related articles will be posted here.

 8,059 total views,  1 views today

Share on Social Media
twitter facebook linkedin reddit emailwhatsapptelegram

2 thoughts on “Install public SSL certificates on vCloud Director 9.7”

  1. Pingback: Upgrade to vCloud Director 10 appliance - vBlog.nl
  2. Raff says:
    May 7, 2020 at 12:52 pm

    Hi,
    Thank you for your post.
    I’ve a Fortinet Load Balancer using a Public Virtual IP in front of the private IP of the cells. Will the certificate installed on cells be translated to the public virtual public IP as well or should I upload “somewhere” the certificate in the Fortinet?
    Thank you
    Cheers
    Raff

    Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recent articles

  • VMware Cloud on AWS with FSx for NetApp ONTAP December 28, 2022
  • Workspace ONE Access – Change certificate December 22, 2022
  • UI themes for VMware Cloud Director 10.4.1 and later December 16, 2022
  • VMware Tanzu Kubernetes Grid December 15, 2022
  • Workspace One Access – Not logged in to server FQDN. Please invoke Save before Sync December 12, 2022
  • NSX Edge configuration has failed. 1G hugepage support required. December 7, 2022
  • Horizon DaaS – Unable to connect to Desktop November 24, 2022
  • How to: Request and Install a Lets Encrypt Wildcard SSL on VMware Cloud Director 10.4 October 17, 2022
  • New and improved vSAN 8 explained September 24, 2022
  • How to update a stand alone ESXi host September 13, 2022

Tags

Automation bootstrapping Container Service Extension Credential Manager Desktone.log ESXi EUC EXi GPU Horizon DaaS Instant-Clone Logging NSX nsx-t PowerCLI PowerShell Putty Raspberry PI SSL Tanzu Terraform update vcd-cli vCenter vCloud vCloud Availability vCloud Director VDI vGPU VMware VMworld vSAN vSphere vVols workspace one Zerto

VMware Cloud Provider Blog

  • NSX ALB Licensing with VMware Cloud Director
    by Jaikishan Tayal on March 27, 2023 at 10:33 am

    History of NSX ALB and VCD Licensing: From version 10.2, VMware Cloud Director began supporting NSX-T Advanced Load Balancer (AVI Load Balancer). This integration has become crucial for Cloud Services Providers, allowing them to provide their customers with a range of Load Balancing services (LBaaS) for Virtual Data Center workloads and Tanzu containers. Before the … Continued The post NSX ALB Licensing with VMware Cloud Director appeared first on VMware Cloud Provider Blog.

  • VMware vSAN 8 Update 1 for Cloud Services Providers
    by Christopher Wong on March 24, 2023 at 3:00 pm

    Recently, VMware announced the upcoming release of vSAN 8 Update 1. This latest update enhances vSAN’s capabilities and functionality with additional improvements for performance, data durability, and integration. Cloud Services Providers who are leveraging the capabilities of vSAN 8 can expect to see additional benefits in these areas as they deploy this upcoming release into … Continued The post VMware vSAN 8 Update 1 for Cloud Services Providers appeared first on VMware Cloud Provider Blog.

  • Terraform VMware Cloud Director Provider 3.9.0 – Beta early access build
    by Guy Bartram on March 24, 2023 at 11:06 am

    The release time for version 3.9.0 of Terraform VMware Cloud Director Provider is approaching,and for the first time, we’re releasing a beta, so users can try the new features and give helpful feedback that will improve the final release. What is a “beta” build? A beta build is a preliminary release of an intended new … Continued The post Terraform VMware Cloud Director Provider 3.9.0 – Beta early access build appeared first on VMware Cloud Provider Blog.

  • VMware Cloud Director Object Storage Extension 2.2.1
    by Astha Sharma on March 16, 2023 at 5:45 pm

    Object Storage Extension 2.1.1 The post VMware Cloud Director Object Storage Extension 2.2.1 appeared first on VMware Cloud Provider Blog.

  • Architecting VMware Cloud Director Availability Solution in a Multi-Cloud Environment
    by Nikolay Patrikov on March 15, 2023 at 1:09 pm

    Building a cloud based on VMware Cloud Director or Cloud Director service requires a considerable amount of deployment decisions for Cloud Providers concerning the infrastructure behind their services. They can operate fully on-premises within their data centers or combine them with any of the hyperscalers in a hybrid way. These design decisions affect the DRaaS … Continued The post Architecting VMware Cloud Director Availability Solution in a Multi-Cloud Environment appeared first on VMware Cloud Provider Blog.

©2023 vBlog.nl | Design: Newspaperly WordPress Theme