vCloud Director Install and Setup – SSL Certificates

Overview

This is a really simple step in configuring vCD and is required as the secure communication between clients and servers are an absolute requirement.  This step does require you to have created your vCD Member Server and have installed the “vmware-vcloud-director-5.1.1-868405.bin” binary exectuable.  This installs the “keytool” utility in /opt/vmware/vcloud-director/jre/bin/keytool and according to the docs certificates created with a “keytool” from another source are not supported.

Each member of a vCD Group requires two IP Addresses (one for the HTTP Service and one for the Console Proxy Service).  Both of these IP addresses require SSL certs. You will also need to assign each IP address an FQDN for the SSL cert creation.  In this example we will just create self signed certs on a pre-built Linux CentOS 6.4 VM.

Install JRE6

First, login to your Linux VM and make sure you have JRE 6 installed. At the time of writing the most recent version of JRE 6 was here, however, a quick google should get you what you need.

Once JRE is on the server, make it executable and then run it:

[code lang=”text”]
# chmod +x jre-6u34-linux-x64-rpm.bin
# ./jre-6u34-linux-x64-rpm.bin
[/code]

Self Signed SSL Certificate creation

Create the untrusted (self-signed) certificate for the HTTP Service in the keystore file named certificates.ks (replacing password for something more secure) and answer the various questions:

[code lang=”text”]/opt/vmware/vcloud-director/jre/bin/keytool -keystore certificates.ks -storetype JCEKS -storepass password -genkey -keyalg RSA -alias http[/code]

Now repeat for the console proxy service:

[code lang=”text”]/opt/vmware/vcloud-director/jre/bin/keytool -keystore certificates.ks -storetype JCEKS -storepass password -genkey -keyalg RSA -alias consoleproxy[/code]

Now to check the state of the certificate store you have just created:

[code lang=”text”]/opt/vmware/vcloud-director/jre/bin/keytool -storetype JCEKS -storepass password -keystore certificates.ks -list[/code]

And that’s it, you now have self-signed SSL certificates in a certificate store that you can point your vCloud Director configuration at.

Leave a Reply

Your email address will not be published. Required fields are marked *