5.1
Table Of Contents
- vCloud Director Installation and Upgrade Guide
- Contents
- VMware vCloud Director Installation and Upgrade Guide
- Overview of vCloud Director Installation, Configuration, and Upgrade
- vCloud Director Architecture
- Configuration Planning
- vCloud Director Hardware and Software Requirements
- Creating a vCloud Director Server Group
- Upgrading vCloud Director
- vCloud Director Setup
- Index
c Import the certificate for the HTTP service.
This command imports the certificate from the http.cer file to the certificates.ks keystore file.
keytool -storetype JCEKS -storepass
passwd
-keystore certificates.ks -import -alias http
-file http.cer
d Import the certificate for the console proxy service.
This command imports the certificate from the consoleproxy.cer file to the certificates.ks keystore
file.
keytool -storetype JCEKS -storepass
passwd
-keystore certificates.ks -import -alias
consoleproxy -file consoleproxy.cer
11 To verify that all the certificates are imported, list the contents of the keystore file.
keytool -storetype JCEKS -storepass
passwd
-keystore certificates.ks -list
12 Repeat steps Step 1 through Step 11 on each of the remaining vCloud Director servers.
What to do next
If you created the certificates.ks keystore file on a computer other than the server on which you generated
the list of fully qualified domain names and their associated IP addresses, copy the keystore file to that server
now. You will need the keystore path name when you run the configuration script. See “Configure Network
and Database Connections,” on page 25.
NOTE Because the vCloud Director configuration script does not run with a privileged identity, the keystore
file and the directory in which it is stored must be readable by any user.
Create a Self-Signed SSL Certificate
Self-signed certificates can provide a convenient way to configure SSL for vCloud Director in environments
where trust concerns are minimal.
Each vCloud Director server requires two SSL certificates, one for each of its IP addresses, in a Java keystore
file. You must create two SSL certificates for each server that you intend to use in your vCloud Director server
group. You can use certificates signed by a trusted certification authority, or self-signed certificates. Signed
certificates provide the highest level of trust.
To create and import signed certificates, see “Create and Import a Signed SSL Certificate,” on page 17.
Prerequisites
n
Generate a list of fully-qualified domain names and their associated IP addresses on this server, along
with a service choice for each IP address. See “Create SSL Certificates,” on page 16.
n
Verify that you have access to a computer that has a Java version 6 runtime environment, so that you can
use the keytool command to create the certificate. The vCloud Director installer places a copy of
keytool in /opt/vmware/vcloud-director/jre/bin/keytool, but you can perform this procedure on any
computer that has a Java version 6 runtime environment installed. Certificates created with a keytool from
any other source are not supported for use with vCloud Director. Creating and importing the certificates
before you install and configure vCloud Director software simplifies the installation and configuration
process. These command-line examples assume that keytool is in the user's path. The keystore password
is represented in these examples as passwd.
Chapter 1 Overview of vCloud Director Installation, Configuration, and Upgrade
VMware, Inc. 19