vCloud Director uses SSL to secure communications between clients and servers. Before you install and configure a vCloud Director server group, you must create two certificates for each member of the group and import the certificates into host keystores.

Each vCloud Director server requires two IP addresses, so that it can support two different SSL endpoints. Each endpoint requires its own SSL certificate. Certificates for both endpoints must include both an X.500 distinguished name and an X.509 Subject Alternative Name extension.

1. List the IP addresses for this server.

    Use a command like ifconfig to discover this server's IP addresses.

2. For each IP address, run the following command to retrieve the fully qualified domain name to which the IP address is bound.

    nslookup ip-address

3. Make a note of each IP address, the fully qualified domain name associated with it, and whether vCloud Director should use the address for the HTTP service or the console proxy service.

    You need the fully qualified domain names when you create the certificates, and the IP addresses when you configure network and database connections. If the IP address can be reached by other DNS names, make a note of those too, since you will need to supply them when specifying a Subject Alternative Name.

4. Create the certificates.

    You can use certificates signed by a trusted certification authority, or self-signed certificates.

    Note: Signed certificates provide the highest level of trust.
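
The inventory from steps 1 to 3 can be checked before any certificate is created. The following shell sketch is an added example, not part of the vCloud Director documentation: it parses reverse-lookup output, verifies that the server has one HTTP and one console proxy endpoint on different addresses, and builds a Subject Alternative Name value for each. The role labels, host names, addresses, the `DNS:`/`IP:` list syntax (as accepted by OpenSSL's subjectAltName) and the inclusion of the IP address in the value are assumptions.

```shell
#!/bin/sh
# Added example. Host names, addresses and role labels are constructed.

# Constructed sample of reverse-lookup output from `nslookup ip-address`.
SAMPLE_NSLOOKUP='Server:   192.0.2.53
Address:  192.0.2.53#53

10.2.0.192.in-addr.arpa  name = vcd1-http.example.com.'

# Read nslookup output on stdin; print the FQDN without its trailing dot.
ptr_name() {
    awk -F'name = ' '/name = / { sub(/\.$/, "", $2); print $2; exit }'
}

# san_value <ip> <fqdn> [other-dns-name ...]
# Assumption: the IP address is listed in the SAN next to the DNS names.
san_value() {
    ip=$1; fqdn=$2; shift 2
    san="DNS:$fqdn"
    for name in "$@"; do san="$san,DNS:$name"; done
    printf '%s,IP:%s\n' "$san" "$ip"
}

# Read "role ip fqdn [other-dns-name ...]" records on stdin. Succeeds only for
# exactly one http and one consoleproxy record on different IP addresses, each
# with a fully qualified name. Prints "role SAN" per record.
check_inventory() {
    http=0; proxy=0; prev_ip=""
    while read -r role ip fqdn others; do
        [ -n "$role" ] || continue
        case $role in
            http) http=$((http + 1)) ;;
            consoleproxy) proxy=$((proxy + 1)) ;;
            *) echo "unknown role: $role" >&2; return 1 ;;
        esac
        case $fqdn in
            *.*) ;;
            *) echo "$ip: '$fqdn' is not fully qualified" >&2; return 1 ;;
        esac
        [ "$ip" != "$prev_ip" ] || { echo "$ip listed twice" >&2; return 1; }
        prev_ip=$ip
        # $others is left unquoted so each extra DNS name becomes one argument.
        printf '%s %s\n' "$role" "$(san_value "$ip" "$fqdn" $others)"
    done
    [ "$http" -eq 1 ] && [ "$proxy" -eq 1 ] ||
        { echo "need one http and one consoleproxy record" >&2; return 1; }
}

printf '%s\n' "$SAMPLE_NSLOOKUP" | ptr_name
```

Feed `check_inventory` one line per endpoint, for example `http 192.0.2.10 vcd1-http.example.com vcd1.example.com`; a non-zero exit status means the notes from step 3 are incomplete or inconsistent.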