vCloud Director uses a java keystore to read its SSL certificates from. This makes it a bit more complicated to use an existing certificate and private key set. Took me a while to figure out, so I’m sharing.

In this example I created /opt/vmware/keystore for the certificate files. The ssl-key.pem and ssl-cert.pem are the existing certificate files. Furthermore, I used ‘passed’ as the keystore and alias password. (needed for the vCD configuration)

Firstly, we need to convert the key and certificate to a DER format:

Credits go out to http://www.agentbob.info/agentbob/79-AB.html for the next part, the following combines the key and certificate into a new keystore:

We’ve now created a new keystore with an existing private key and certificate. Check to verify!

Ok, now we copy the importkey alias to the required aliases for vCD:

Get rid of the ‘importkey’ alias and change the keystore password:

Now check to verify the aliases inside the keystore:

Ok, so now we have a keystore file with our key and certificate in it. Now to update vCD:

And peaches.



Share the wealth!

Leave a Reply

Your email address will not be published. Required fields are marked *