When you add valid certificates and enable SSL for a vCloud Connector node, you must also import the corresponding Certificate Authority (CA) root certificate into the trusted keystore of the vCloud Connector server and all other vCloud Connector nodes.

The trusted keystore is /usr/java/default/lib/security/cacerts. The default password for this keystore is changeit.

1. Log in to the console of the vCloud Connector server or vCloud Connector node as admin.

   The default password is vmware.

2. If the CA root certificate is not in the X.509 format, convert it to the X.509 format. Write the result to a new file, because redirecting the output to the input file can truncate it before it is read.

   openssl pkcs7 -in <path/../certificate.cer> -print_certs | openssl x509 > <path/../certificate-x509.cer>

   Note: If the certificate is already in the X.509 format, you might get an error.

3. At the prompt, change directory.

   cd /usr/java/default/lib/security

4. Import the root certificate.

   /usr/java/default/bin/keytool -import -trustcacerts -alias alias -file <location of root .cer file> -keystore cacerts -storepass changeit

Ensure that all root certificates uploaded to the cacerts keystore have a unique alias name.
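The conversion in step 2 fails on a file that is already X.509, and a PKCS#7 bundle can hold more than one certificate. The script below is an added example, not part of the original procedure or of vCloud Connector: it accepts PEM or DER input in either format (a generalization of step 2), writes PEM X.509 to a separate file, and prints the SHA-256 fingerprint to compare with the value published by the CA before running step 4. The function names and the two-argument usage are assumptions made for this example.

```shell
#!/bin/sh
# Added example: normalise a CA root certificate to PEM X.509 and show what to
# check before it becomes a trust anchor. All function names are hypothetical.

# to_x509_pem SRC DST: write the first certificate in SRC (PEM/DER X.509 or
# PEM/DER PKCS#7) to DST as PEM X.509 and print the detected kind.
to_x509_pem() {
    src=$1; dst=$2
    [ -r "$src" ] || { echo "cannot read: $src" >&2; return 2; }
    [ "$src" != "$dst" ] || { echo "input and output must differ" >&2; return 2; }
    tmp=$(mktemp) || return 2
    if openssl x509 -in "$src" -inform PEM -out "$tmp" 2>/dev/null ||
       openssl x509 -in "$src" -inform DER -out "$tmp" 2>/dev/null; then
        kind=x509
    elif openssl pkcs7 -in "$src" -inform PEM -print_certs 2>/dev/null |
             openssl x509 -out "$tmp" 2>/dev/null ||
         openssl pkcs7 -in "$src" -inform DER -print_certs 2>/dev/null |
             openssl x509 -out "$tmp" 2>/dev/null; then
        kind=pkcs7
    else
        rm -f "$tmp"; echo "neither X.509 nor PKCS#7: $src" >&2; return 1
    fi
    mv "$tmp" "$dst" && echo "$kind"
}

# cert_sha256 FILE: print the SHA-256 fingerprint of a PEM certificate.
cert_sha256() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# is_self_issued FILE: succeed only if subject equals issuer, as expected of a
# root certificate; the first certificate in a bundle may not be the root.
is_self_issued() {
    s=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    i=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    [ -n "$s" ] && [ "$s" = "$i" ]
}

# Usage: sh script.sh <input certificate> <output .pem>
if [ "$#" -eq 2 ]; then
    kind=$(to_x509_pem "$1" "$2") || exit 1
    echo "input format: $kind"
    echo "SHA-256:      $(cert_sha256 "$2")"
    openssl x509 -in "$2" -noout -subject -enddate
    is_self_issued "$2" || echo "subject and issuer differ: not a root certificate" >&2
fi
```

Pass the output file to the -file option of the keytool command in step 4 once the fingerprint matches.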