When you add valid certificates and enable SSL for a vCloud Connector node, you must also import the corresponding Certificate Authority (CA) root certificate into the trusted keystore of the vCloud Connector server and all other vCloud Connector nodes.

The trusted keystore is /usr/java/default/jre/lib/security/cacerts. The default password for this keystore is changeit.


Log in to the console of the vCloud Connector server or vCloud Connector node as root.

The default password is vmware.


Copy the certificate to a directory in the console.


If the CA Root certificate is not in the X.509 format, convert it to the X.509 format.

openssl pkcs7 -in path_to_certificate.cer -print_certs | openssl x509 > path_to_certificate.cer


If the certificate is already in the X.509 format, you might get an error.


Change directory.

cd /usr/java/default/jre/lib/security


Import the root certificate.

/usr/java/default/bin/keytool -import -trustcacerts -alias alias -file location_of_root_.cer_file -keystore cacerts -storepass changeit

Ensure that all root certificates uploaded to the cacerts keystore have a unique alias name.


Restart the server or node.