Search the VMware Knowledge Base (KB)
View by Article ID

Installing CA Root Certificate in Trusted Keystore for vCloud Connector (2045007)

  • 2 Ratings


When you add valid certificates and enable SSL for a vCloud Connector Node, you must also import the corresponding Certificate Authority (CA) root certificate into the trusted keystore of the vCloud Connector Server and all other vCloud Connector Nodes.

The trusted keystore is /usr/java/default/lib/security/cacerts. The default password for this keystore is changeit.

To import the CA root certificate
  1. Log on to the console of the vCloud Connector Server or vCloud Connector Node as admin.
    The default password is vmware.
  2. If the CA Root certificate is not in the X.509 format, convert it to the X.509 format.
    openssl pkcs7 -in <path/../certificate.cer> -print_certs | openssl x509 > <path/../certificate.cer>
    Note: If the certificate is already in the X.509 format, you might get an error.
  3. At the prompt, change directory:
    cd /usr/java/default/lib/security
  4. Import the root certificate:
    /usr/java/default/bin/keytool -import -trustcacerts -alias alias -file <location of root .cer file> -keystore cacerts -storepass changeit
    Note: Ensure that all root certificates uploaded to the cacerts keystore have a unique alias name.



Request a Product Feature

To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.


  • 2 Ratings

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.

What can we do to improve this information? (4000 or fewer characters)

Please enter the Captcha code before clicking Submit.
  • 2 Ratings