vCloud Director requires SSL to secure communications between clients and servers. Before you install and configure a vCloud Director server group, you must create two certificates for each member of the group and import the certificates into host keystores.

Each vCloud Director server that you intend to use in a vCloud Director cluster requires two SSL certificates, one for each of its IP addresses.

Note

All directories in the pathname to the SSL certificates must be readable by the user vcloud.vcloud. This user is created by the vCloud Director installer.

1

List the IP addresses for this server.

Use a command like ifconfig to discover this server's IP addresses.

2

For each IP address, run the following command to retrieve the fully qualified domain name to which the IP address is bound.

nslookup ip-address
3

Make a note of each IP address, the fully qualified domain name associated with it, and whether vCloud Director should use the address for the HTTP service or the console proxy service.

You need the fully qualified domain names when you create the certificates, and the IP addresses when you configure network and database connections.

4

Create the certificates.

You can use certificates signed by a trusted certification authority, or self-signed certificates. Signed certificates provide the highest level of trust. A 2,048-bit key length provides a high level of security.