Search the VMware Knowledge Base (KB)
View by Article ID

Changing or renewing SSL certificates in VMware vCloud Director 1.x and 5.x (2014237)

  • 3 Ratings


This article provides steps to change or renew SSL certificates in the vCloud Director database. If your environment is multi-cell, you need to import the certificate to every vCloud cell.


To change or renew SSL Certificates in vCloud Director:

Note: Apply this procedure to each vCloud cell if you are running a multi-cell environment.
  1. Open an terminal session or a SSH session to one of the vCloud cells.
  2. Log in as the root user.
  3. Use the cell management tool to gracefully shut down the cell:

    1. Retrieve the current job status:

      To view system administrator credentials and a count of running jobs, run this Cell Management Tool command:

      [root@cell1 /opt/vmware/vclouddirector/bin]# ./cell-management-tool -u administrator -p Pa55w0rd cell --status

      You see output similar to:

      Job count = 2
      Is Active = true

    2. Stop the task scheduler to quiesce the cell by running the command:

      Note: This command prevents new jobs from being started. Existing jobs continue to run until they complete or are cancelled.

      [root@cell1 /opt/vmware/vclouddirector/bin]# ./cell-management-tool -u administrator -p Pa55w0rd cell --quiesce true

    3. When the Job Count = 0 and Is Active = false, it is safe to shut down the cell by running the command:

      [root@cell1 /opt/vmware/vclouddirector/bin]# ./cell-management-tool -u administrator -p Pa55w0rd cell --shutdown

  4. Stop the vCD service by running the command: service vmware-vcd stop
  5. To delete the existing certs run these commands.

    keytool -delete -alias http -keystore certificates.ks -storetype JCEKS -storepass password
    keytool -delete -alias consoleproxy -keystore certificates.ks -storetype JCEKS -storepass password

  6. Copy the new certificates to the keystore on this cell. For more information, see Generating SSL certificates for VMware vCloud Director (1026309).
  7. Run the configure executable located at /opt/vmware/vcloud-director/bin/configure.

    Navigate through the configuration utility and enter the details for the location of the keystore. You are prompted to enter a number of parameters that are necessary to configure the vCloud Director service. For example:

    Please enter the path to the Java keystore containing your SSL certificates and private Keys: Enter_location_of_keystore_file
    Please enter the password for the keystore: Password
    Please enter the private password for the 'http' SSL certificate: Password
    Please enter the private password for the 'consoleproxy' SSL certificate: Password

    The configuration utility imports the SSL certificate in to the database. You see output similar to:

    Connecting to the database: jdbc:oracle:thin:@<database server>:1521:cloud
    Database configuration complete.

  8. When the SSL certificate is imported, you are prompted to start the vCloud Director service. Select Y to start the service.

    When the vCloud Director service starts, open the portal to the vCloud Director. You are prompted to import a new SSL certificate.


If you are running a single cell environment, some down time is required to import a new SSL certificate.

Additional Information

For more information on the Cell Management Tool, see the vCloud Director Installation and Configuration Guide.

If you are using vCloud Director 1.0 or 1.0.1, download the tool and install it. For more information, see Using the Cell Management Tool to shut down a vCloud Director cell (1033575).

See Also

Request a Product Feature

To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.


  • 3 Ratings

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.

What can we do to improve this information? (4000 or fewer characters)

Please enter the Captcha code before clicking Submit.
  • 3 Ratings