Replace the VMware Cloud Director Certificates in 10.3 with a PFX or PEM


Yves Sandfort

Yves Sandfort

In VMware Cloud Director 10.3 VMware changed from using the Java keystore to a direct import/management with the cell-management-tool. This is a reminder to myself for the steps involved to change the certificate on a VMware Cloud Director cell.

As with change from Java KeyStore to certificate management directly from within the cell-management-tool with VMware Cloud Director 10.3 it is required to understand which certificate formate etc. you have to use.

I start this example of with a PFX file (incl. private key, password protected), something most people have at hand.

  • Create a private key file out of your .pfx:
    openssl pkcs12 -in 2022_STAR.demovcd.pfx -nocerts -out demovcd.key
  • Create the PEM file out of your .pfx:
    openssl pkcs12 -in 2022_STAR.demovcd.pfx -clcerts -nokeys -out demovcd.pem
  • Move the files to the /tmp folder (or any other folder accessible by the vcloud user)
  • Change ownership to vcloud:vcloud on the files:
    chown vcloud:vcloud /tmp/demovcd.*
  • Change the certificate with the cellmanagement tool on both http and proxy ports:
    /opt/vmware/vcloud-director/bin/cell-management-tool certificates -j --cert /tmp/demovcd.pem --key /tmp/demovcd.key --key-password MyMegaSecretPassword
    /opt/vmware/vcloud-director/bin/cell-management-tool certificates -p --cert /tmp/demovcd.pem --key /tmp/demovcd.key --key-password MyMegaSecretPassword
  • Restart the vcd cell
    service VMware-vcd restart

Do this on all the cells, that's it.





Thank you! Your message has been sent!
Oops! Something went wrong while submitting the form.