Use the generate-certs command of the cell management tool to generate new self-signed SSL certificates for the cell.

The generate-certs command of the cell management tool automates the procedure shown in Create a Self-Signed SSL Certificate.

To generate new self-signed SSL certificates and add them to a new or existing keystore, use a command line with the following form:

cell-management-tool generate-certs options

Cell Management Tool Options and Arguments, generate-certs Subcommand

| Option | Argument | Description |
|---|---|---|
| --help (-h) | None | Provides a summary of available commands in this category. |
| --issuer (-i) | name=value [, name=value, ...] | X.509 distinguished name of the certificate issuer. Defaults to CN=Unknown. If you specify multiple attribute and value pairs, separate them with commas and enclose the entire argument in quotation marks. |
| --out (-o) | keystore-pathname | Full pathname to the keystore on this host. |
| --key-size (-s) | key-size | Size of key pair expressed as an integer number of bits. Defaults to 1024. |
| --keystore-pwd (-w) | keystore-password | Password for the keystore on this host. |
| --expiration (-x) | days-until-expiration | Number of days until the certificates expire. Defaults to 365. |

Both of these examples assume a keystore at /tmp/cell.ks that has the password kspw. This keystore is created if it does not already exist.

This example creates the new certificates using the defaults. The issuer name is set to CN=Unknown. The certificate uses a 1024-bit key pair and expires one year after creation.

[root@cell1 /opt/vmware/vcloud-director/bin]# ./cell-management-tool generate-certs -o /tmp/cell.ks -w kspw
New keystore created and written to /tmp/cell.ks.

This example creates the new certificates using custom values for key size, issuer name, and expiration. The issuer name is set to CN=Test, L=London, C=GB. The certificate uses a 2048-bit key pair and expires 90 days after creation.

[root@cell1 /opt/vmware/vcloud-director/bin]# ./cell-management-tool generate-certs -o /tmp/cell.ks -w kspw \
 -i "CN=Test, L=London, C=GB" -s 2048 -x 90
New keystore created and written to /tmp/cell.ks.
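
A pre-flight check that could be run before either command above, as an added example that is not part of the original documentation or the product: it rejects a key size under 2048 bits, an expiration outside 1 to 365 days, and a keystore directory that is missing or world-writable (such as /tmp). The helper names and both thresholds are assumptions chosen for illustration.

```sh
#!/bin/sh
# Added example: pre-flight policy check for generate-certs arguments.
# Both thresholds are assumed local policy, not vCloud Director requirements.
MIN_KEY_BITS=2048   # assumption: smallest key size local policy accepts
MAX_DAYS=365        # assumption: longest certificate lifetime accepted

is_uint() {  # succeeds only for a non-empty string of decimal digits
    case $1 in ''|*[!0-9]*) return 1 ;; esac
}

# check_cert_request KEYSTORE KEY_BITS DAYS  (hypothetical helper)
# Prints one line per violation and returns 0 only when there are none.
# The body is a subshell, so its variables do not leak to the caller.
check_cert_request() (
    ks=$1 bits=$2 days=$3 rc=0
    dir=$(dirname -- "$ks")

    # --key-size is an integer number of bits; the tool's default is 1024.
    if ! is_uint "$bits" || [ "$bits" -lt "$MIN_KEY_BITS" ]; then
        echo "key size '$bits' is not an integer of at least $MIN_KEY_BITS bits"; rc=1
    fi
    # --expiration is a number of days; the tool's default is 365.
    if ! is_uint "$days" || [ "$days" -lt 1 ] || [ "$days" -gt "$MAX_DAYS" ]; then
        echo "expiration '$days' is outside 1..$MAX_DAYS days"; rc=1
    fi
    # The keystore holds private keys: reject a missing or world-writable
    # directory such as /tmp, where other local users can create files.
    if [ ! -d "$dir" ]; then
        echo "directory '$dir' does not exist"; rc=1
    elif [ -n "$(find "$dir" -maxdepth 0 -perm -0002 2>/dev/null)" ]; then
        echo "directory '$dir' is world-writable"; rc=1
    fi
    exit "$rc"
)

# Constructed demo: the page's two invocations, then one in a private directory.
demo_dir=$(mktemp -d) && chmod 700 "$demo_dir"
check_cert_request /tmp/cell.ks 1024 365 || echo "=> rejected (page defaults)"
check_cert_request /tmp/cell.ks 2048 90 || echo "=> rejected (page custom values)"
check_cert_request "$demo_dir/cell.ks" 2048 90 && echo "=> accepted"
rmdir "$demo_dir"
```

Run generate-certs only when the function returns 0, passing the same keystore path, key size, and expiration that were checked.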