Instructions on how to replace certificates for VMware Cloud Director 10.5.1 and above via the provider UI
VMware Cloud Director 10.5.1 and above
Self Signed:
Create a Private key and a CSR:
openssl genrsa -out example.com.key 2048; openssl req -new -key example.com.key -out example.com.csr
Create the SAN config file
touch v3.ext
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer:always
basicConstraints = CA:TRUE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment, keyAgreement, keyCertSign
subjectAltName = DNS:example.com, DNS:*.example.com, DNS:node1.example.com, DNS:Node2.example.com, DNS:Node3.example.com
issuerAltName = issuer:copy
Generate Self signed certificate:
openssl x509 -req -in example.com.csr -signkey example.com.key -out example.com.crt -days 360 -sha256 -extfile v3.ext
CA/Enterprise CA or a signed certificate authority (Digi etc.)
Create a Private key and a CSR:
openssl genrsa -out example.com.key 2048; openssl req -new -key example.com.key -out example.com.csr
Share the CSR with the certificate authority and ensure the CA adds the SAN when signing the certificate.
Example of a CA provider:
Preparing the certificate
Note: For a self-signed certificate, you will have only the certificate (no intermediate/root).
Note: Ensure the certificate chain does not contain a certificate that uses the SHA-1 algorithm.
Eg:
Import the certificate to VMware Cloud Director
Apply Certificate to cell nodes
openssl s_client -showcerts node1.example.com:443
Updating certificates via the provider UI is available only in VCD 10.5.1 and above.
Note: For Multi-cell / Load-balanced environment
Note in case of failure Renewing Certificates
sha1WithRSAEncryption
cat intermediate-certificate-file-1.cer intermediate-certificate-file-2.cer >> your-http-certificate.pem
In rare cases, you might also append the root certificate root-CA-certificate.cer. This is not common, and generally, it is not applicable if your CA is one of the well-known certificate authorities whose certificate is distributed using the most modern browsers. Consult with your CA for more information and to determine whether you must append your root certificate.
SSL Certificate Creation and Management of Your VMware Cloud Director Appliance
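To check a prepared bundle against the two notes above (no SHA-1 certificate in the chain, SAN present on the certificate) before importing it, the following is an added example and not part of the original article. The function name check_chain is an assumption of this example; it expects the leaf certificate first in the file, followed by any intermediates.

```shell
#!/bin/sh
# check_chain (name chosen for this example): inspect every certificate in a
# PEM bundle such as your-http-certificate.pem. Returns 0 when no certificate
# uses a SHA-1 signature and the first (leaf) certificate has a SAN.
# Usage: . ./check_chain.sh; check_chain your-http-certificate.pem
check_chain() {
    bundle=$1
    tmp=$(mktemp -d) || return 2
    rc=0
    # Split the bundle into one file per certificate, keeping the file order.
    awk -v dir="$tmp" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = sprintf("%s/cert-%03d.pem", dir, n) }
        out != ""                     { print > out }
        /-----END CERTIFICATE-----/   { close(out); out = "" }
    ' "$bundle"
    n=0
    for cert in "$tmp"/cert-*.pem; do
        # An unexpanded glob means the file held no PEM certificate at all.
        [ -e "$cert" ] || { echo "FAIL: no certificates found in $bundle"; rc=1; break; }
        n=$((n + 1))
        text=$(openssl x509 -in "$cert" -noout -text) || { echo "FAIL: cert $n unreadable"; rc=1; continue; }
        subject=$(openssl x509 -in "$cert" -noout -subject)
        # First "Signature Algorithm:" line, e.g. sha256WithRSAEncryption.
        sigalg=$(printf '%s\n' "$text" | awk '/Signature Algorithm:/ { print $3; exit }')
        case $sigalg in
            sha1*|*SHA1*) echo "FAIL: cert $n ($subject) uses $sigalg"; rc=1 ;;
            *)            echo "ok:   cert $n ($subject) uses $sigalg" ;;
        esac
        # Only the leaf needs a subjectAltName; intermediates normally have none.
        if [ "$n" -eq 1 ] && ! printf '%s\n' "$text" | grep -q 'X509v3 Subject Alternative Name'; then
            echo "FAIL: leaf certificate has no subjectAltName"; rc=1
        fi
    done
    rm -rf "$tmp"
    return $rc
}
```

A non-zero return means the bundle should be reissued or rebuilt before it is imported.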