As the VMware vCloud Director 1.5 Install Guide points out, each vCD server requires 2 SSL certificates. The procedures described in the install guide don’t necessarily work out of the box. Here are a few pointers on how to properly install the SSL certificates:
- Make sure to use the keytool utility located in /opt/vmware/vcloud-director/jre/bin/keytool. Using other keytool binaries located elsewhere in the system might generate errors.
- The command string provided in the install guide to create untrusted certificates does not work. With keytool, the order of the arguments is key.
For example, instead of this:
keytool -keystore certificates.ks -storetype JCEKS -storepass passwd -genkey -keyalg RSA -alias http
try this:
/opt/vmware/vcloud-director/jre/bin/keytool -genkey -keystore certificates.ks -storetype JCEKS -storepass passwd -keyalg RSA -alias http
- Thanks to Erik Bussink for the following tip.
Note that the above command uses a default validity period of 90 days. To extend the validity to 2 years, use this command instead:
/opt/vmware/vcloud-director/jre/bin/keytool -genkey -keystore certificates.ks -storetype JCEKS -storepass passwd -keyalg RSA -validity 731 -alias http
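To confirm that -validity took effect, the following added example (not part of the original post or the install guide) reads `keytool -list -v` output and reports each alias's validity period in days, so entries left on the short default stand out. The function names and the sample output are constructed; the second alias, consoleproxy, is assumed from the vCD install guide, and English month names are assumed.

```shell
#!/bin/sh
# Real use (omit -storepass to be prompted rather than exposing the password in ps/history):
#   /opt/vmware/vcloud-director/jre/bin/keytool -list -v -keystore certificates.ks \
#       -storetype JCEKS | cert_validity_days

# Constructed sample of `keytool -list -v` output: one entry generated without
# -validity (90 days) and one generated with -validity 731.
sample_keytool_output() {
  cat <<'EOF'
Alias name: http
Entry type: PrivateKeyEntry
Valid from: Mon Oct 03 14:22:11 UTC 2011 until: Sun Jan 01 14:22:11 UTC 2012
Alias name: consoleproxy
Entry type: PrivateKeyEntry
Valid from: Mon Oct 03 14:25:40 UTC 2011 until: Thu Oct 03 14:25:40 UTC 2013
EOF
}

# Reads keytool -list -v output on stdin, prints "<alias> <validity in days>".
cert_validity_days() {
  awk '
    # Julian day number of a Gregorian date, so subtraction gives whole days.
    function jdn(y, m, d,    a, yy, mm) {
      a = int((14 - m) / 12); yy = y + 4800 - a; mm = m + 12 * a - 3
      return d + int((153 * mm + 2) / 5) + 365 * yy \
             + int(yy / 4) - int(yy / 100) + int(yy / 400) - 32045
    }
    function day_of(mon, day, year) {
      return jdn(year + 0, \
                 (index("JanFebMarAprMayJunJulAugSepOctNovDec", mon) + 2) / 3, \
                 day + 0)
    }
    /^Alias name:/ { alias = $3 }
    # Fields: Valid from: Dow Mon DD time TZ YYYY until: Dow Mon DD time TZ YYYY
    /^Valid from:/ { print alias, day_of($11, $12, $15) - day_of($4, $5, $8) }
  '
}

# Prints only the aliases whose validity period is shorter than MIN_DAYS ($1).
short_lived_aliases() {
  cert_validity_days | awk -v min="$1" '$2 < min { print $1 }'
}

sample_keytool_output | cert_validity_days
```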
Also, make sure to visit Chris Colotti’s blog for an excellent treatment of all things related to vCloud Director.

You are still missing the -validity XXX to extend the length of validity of the SSL certificates. By default the certs are valid 60 or 90 days. Use 731 to ensure your self-signed certificates are valid for 2 years.
Thank you Erik for the very useful tip! I will update the post and give you credit.