VMware Cloud Director 10.3 SSL certificate replacement

We run VMware Cloud Director in our company, and its SSL certificate was about to expire.
We found a great and helpful blog post by Daniel Paluszek on how to replace the certificate in versions 10.2 and later, but it did not work as described in the article.
We dug a little deeper and managed to replace the certificate with the following procedure:
1. We have a DigiCert wildcard certificate for our company, so we created the certificate in .pfx format.
2. Then it was necessary to convert the certificate to .pem format. This was done with the openssl utility on a CentOS machine using the following commands:
openssl pkcs12 -in certificate.pfx -out privateKey.key -nocerts -nodes
openssl pkcs12 -in certificate.pfx -out certificate.pem -nokeys -clcerts
3. In the next step, we copied the created files certificate.pem and privateKey.key with WinSCP to the /tmp folder on each VCD node.
4. We logged in to the VCD node via SSH and changed to the /tmp folder.
5. Then the permissions for the two files had to be changed:
chmod 444 certificate.pem
chmod 444 privateKey.key
6. After that, we could run the cell management tool with the following command:
/opt/vmware/vcloud-director/bin/cell-management-tool certificates -j -p --cert /tmp/certificate.pem --key /tmp/privateKey.key
7. Finally, the VCD service has to be restarted, which is done with the following command:
service vmware-vcd restart
Steps 4 to 7 have to be repeated on each Cloud Director node.
I would strongly recommend deleting the certificate and private key from /tmp afterwards, because mode 444 leaves the private key readable by every local user on the node.
And now you have a new certificate working for the web portal and console.
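A pre-flight check for the two files produced by the openssl pkcs12 commands, run before they are copied to the cells. It is an added example, not part of the original procedure. It confirms that certificate.pem and privateKey.key belong together and that the certificate is not close to expiry. The function name check_pair, its return codes and the 30-day default are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): verify the PEM pair produced by
# the two "openssl pkcs12" commands before handing it to cell-management-tool.
# check_pair, its return codes and the 30-day default are assumptions.
#   0 = pair matches and the certificate is valid long enough
#   1 = certificate and private key do not belong together
#   2 = a file is missing, unreadable, or the key is still passphrase-protected
#   3 = certificate expires within MIN_DAYS
check_pair() {
    cp_cert=$1
    cp_key=$2
    cp_min_days=${3:-30}

    # Public key embedded in the certificate (SubjectPublicKeyInfo, PEM).
    cp_cert_pub=$(openssl x509 -in "$cp_cert" -noout -pubkey 2>/dev/null) || {
        echo "cannot read certificate: $cp_cert" >&2
        return 2
    }
    # Public key derived from the private key. "-passin pass:" makes an
    # encrypted key fail here instead of prompting on the terminal.
    cp_key_pub=$(openssl pkey -in "$cp_key" -passin pass: -pubout 2>/dev/null) || {
        echo "cannot read private key: $cp_key" >&2
        return 2
    }
    if [ "$cp_cert_pub" != "$cp_key_pub" ]; then
        echo "certificate and private key do not match" >&2
        return 1
    fi
    # -checkend exits non-zero if the certificate expires within N seconds.
    if ! openssl x509 -in "$cp_cert" -noout \
            -checkend $((cp_min_days * 86400)) >/dev/null 2>&1; then
        echo "certificate expires within $cp_min_days days" >&2
        return 3
    fi
    echo "OK: $(openssl x509 -in "$cp_cert" -noout -subject -enddate | tr '\n' ' ')"
}

# Run only when called with arguments, e.g.:
#   sh check_pair.sh certificate.pem privateKey.key
if [ "$#" -ge 2 ]; then
    check_pair "$@"
fi
```

A non-zero result means the files should not be imported: a mismatched pair or an expired certificate would only surface after the service restart.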