VMware vCloud Director Installation and Upgrade Guide
Create SSL Certificates
vCloud Director requires SSL to secure communications between clients and servers. Before you install and
configure a vCloud Director server group, you must create two certificates for each member of the group
and import the certificates into host keystores.
Each vCloud Director server requires two IP addresses, so that it can support two different SSL endpoints.
Each server requires two SSL certificates, one for each SSL endpoint.
NOTE All directories in the pathname to the SSL certificates must be readable by the user vcloud.vcloud.
This user is created by the vCloud Director installer.
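One way to check the NOTE above once the vcloud account exists, as an added example that is not part of the VMware guide: the sh functions below walk from a keystore file up to / and print every directory whose mode bits deny that account read or search access. The function names and the keystore path are hypothetical, and the sketch assumes GNU stat and that "readable" means both r and x in the applicable permission class.

```shell
#!/bin/sh
# Added example, not VMware code. Decides from mode bits alone whether an
# account can read and search every directory above a keystore file.
# Assumes Linux with GNU stat; ACLs and SELinux policy are not evaluated.
# Function bodies are subshells "( )" so their variables stay local.

# class_allows MODE OWNER_UID OWNER_GID UID "GIDS"
# Succeeds when the permission class that applies to UID has both r and x.
class_allows() (
    mode=$((0$1))                          # leading 0: parse as octal
    if [ "$4" -eq "$2" ]; then
        bits=$(( (mode >> 6) & 7 ))        # owner class
    else
        bits=$(( mode & 7 ))               # other class, unless a group matches
        for g in $5; do
            if [ "$g" -eq "$3" ]; then bits=$(( (mode >> 3) & 7 )); fi
        done
    fi
    [ $(( bits & 5 )) -eq 5 ]              # 4 = read, 1 = search
)

# blocked_dirs UID "GIDS" FILE
# Prints each directory above FILE (an absolute path) that fails the check.
# Exit status: 0 none blocked, 1 at least one blocked, 2 usage or stat error.
blocked_dirs() (
    case $3 in /*) ;; *) echo "need an absolute path" >&2; exit 2 ;; esac
    dir=$(dirname "$3"); rc=0
    while :; do
        meta=$(stat -L -c '%a %u %g' "$dir") || exit 2
        set -- "$1" "$2" $meta             # $3 mode, $4 owner uid, $5 owner gid
        class_allows "$3" "$4" "$5" "$1" "$2" || { echo "$dir"; rc=1; }
        if [ "$dir" = / ]; then break; fi
        dir=$(dirname "$dir")
    done
    exit "$rc"
)

# On a vCloud Director host (the keystore path is a placeholder):
#   blocked_dirs "$(id -u vcloud)" "$(id -G vcloud)" /path/to/keystore
```

An empty result with exit status 0 means every directory in the pathname passes the mode-bit check for that account.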
Procedure
1 List the IP addresses for this server.
Use a command like ifconfig to discover this server's IP addresses.
2 For each IP address, run the following command to retrieve the fully qualified domain name to which
the IP address is bound.
nslookup ip-address
3 Make a note of each IP address, the fully qualified domain name associated with it, and whether
vCloud Director should use the address for the HTTP service or the console proxy service.
You need the fully qualified domain names when you create the certificates, and the IP addresses when
you configure network and database connections.
4 Create the certificates.
You can use certificates signed by a trusted certification authority, or self-signed certificates. Signed
certificates provide the highest level of trust. A 2,048-bit key length provides a high level of security.
Create and Import a Signed SSL Certificate
Signed certificates provide the highest level of trust for SSL communications.
Each vCloud Director server requires two SSL certificates, one for each of its IP addresses, in a Java keystore
file. You must create two SSL certificates for each server that you intend to use in your vCloud Director
server group. You can use certificates signed by a trusted certification authority, or self-signed certificates.
Signed certificates provide the highest level of trust.
To create and import self-signed certificates, see “Create a Self-Signed SSL Certificate,” on page 19.
Prerequisites
- Generate a list of fully-qualified domain names and their associated IP addresses on this server, along
with a service choice for each IP address. See “Create SSL Certificates,” on page 17.
- Verify that you have access to a computer that has a Java version 6 runtime environment, so that you
can use the keytool command to create the certificate. The vCloud Director installer places a copy of
keytool in /opt/vmware/vcloud-director/jre/bin/keytool, but you can perform this procedure on any
computer that has a Java version 6 runtime environment installed. Certificates created with a keytool
from any other source are not supported for use with vCloud Director. Creating and importing the
certificates before you install and configure vCloud Director software simplifies the installation and
configuration process. These command-line examples assume that keytool is in the user's path. The
keystore password is represented in these examples as passwd.
Chapter 1 Overview of vCloud Director Installation, Configuration, and Upgrade
VMware, Inc. 17