Use the certificates command of the cell management tool to replace the cell's SSL certificates.

The certificates command of the cell management tool automates the process of replacing a cell's existing certificates with new ones stored in a JCEKS keystore. The certificates command helps you replace self-signed certificates with signed ones. To create a JCEKS keystore containing signed certificates, see Create and Import a Signed SSL Certificate .

To replace the cell's SSL certificates, use a command with the following form:

cell-management-tool certificates options

Cell Management Tool Options and Arguments, certificates Subcommand

Option

Argument

Description

--help (-h)

None

Provides a summary of available commands in this category.

--config (-c)

full pathname to the cell's global.properties file

Defaults to$VCLOUD_HOME/etc/global.properties.

--responses (-r)

full pathname to the cell's responses.properties file

Defaults to$VCLOUD_HOME/etc/responses.properties.

--keystore (-s)

keystore-pathname

Full pathname to a JCEKS keystore containing the signed certificates.

--keystore-pwd (-w)

keystore-password

Password for the JCEKS keystore referenced by the --keystore option.

You can omit the --config and --responses options unless those files were moved from their default locations. In this example, a keystore at /tmp/new.ks has the password kspw. This example replaces the cell's existing certificates with the certificates found in /tmp/new.ks

[root@cell1 /opt/vmware/vcloud–director/bin]# ./cell-management-tool certificates -s /tmp/my-new-certs.ks -w kspw
Certificate replaced by user specified keystore at /tmp/new.ks.
You will need to restart the cell for changes to take effect.
Note

You must restart the cell after you replace the certificates.