Adventures with vCloud Director, Part II

After a couple of days of research, I was able to get past the Certificate requirement.

Background Info:

Before I explain how I resolved the problem, here is a quick intro to vCloud Director’s certificate usage:

In the real world (aka outside of Home Labs), vCloud Director (vCD) is meant to be used in corporate environments to provision tested, validated, and production-ready single- or multi-VM systems for internal as well as external customers. SSL or TLS communication between the vCD components is a critical measure to prevent unauthorized access to the underlying VMware infrastructure.

All vCD servers have two IP addresses for network communications:

  • One IP Address is used for HTTP communication
  • One IP Address is used for the vCD Console Proxy service

A certificate is required for BOTH of these addresses.

Resolution:

For a Home Lab setup, there is no need to get the certificates signed (if you would like to test with signed certificates, however, there are economical options such as OpenSSL).

Follow the steps outlined in the vCD 1.5 Install Guide, but skip over the "Create and Import a Signed SSL Certificate" section and proceed to the "Create a Self-Signed SSL Certificate" instructions.

While researching the vCD certificate creation process, I used the following execution syntax as suggested by Rajeev Karamchedu and Chris Colotti:

/opt/vmware/vcloud-director/jre/bin/keytool -genkey -keystore certificates.ks \
    -storetype JCEKS -storepass passwd -keyalg RSA -validity 731 -alias http

NOTE: You will need to install the vCD software on your Red Hat node before you can complete this step, because it uses the keytool that comes with the software.

Troubleshooting:

During certificate creation, you may get a couple of errors similar to: keytool error: java.security.KeystoreException: JCEKS

Here are two things to check from within the vCloud Director’s jre sub-directory (/opt/vmware/vcloud-director/jre/bin/):

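  1. Make sure you execute the command as ./keytool instead of just keytool, so that the keytool in this directory is the one that runs rather than another keytool found on the PATH.
  2. Check to see if there is an existing certificates.ks file in the directory. If it exists, remove it and try to execute the command again.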
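
The whole procedure as one script, added here as an example (it is not from the original post or from VMware): it creates a key pair for each of the two addresses, refuses to reuse a stale certificates.ks, and checks that both aliases are listed. The consoleproxy alias follows the naming in the vCD install guide and is an assumption here, as are the script name make-vcd-keystore.sh, the -dname and -keypass options used to avoid prompts, and the host names you pass in.

```shell
#!/bin/sh
# Added example: self-signed vCD keystore with both required aliases.
KEYTOOL=${KEYTOOL:-/opt/vmware/vcloud-director/jre/bin/keytool}  # path from the post
KEYSTORE=${KEYSTORE:-certificates.ks}
STOREPASS=${STOREPASS:-passwd}  # lab value from the post; use a strong one elsewhere
ALIASES="http consoleproxy"     # consoleproxy: assumed, name used by the vCD install guide

# gen_cert ALIAS FQDN: create one self-signed RSA key pair without prompts.
gen_cert() {
    "$KEYTOOL" -genkey -keystore "$KEYSTORE" -storetype JCEKS \
        -storepass "$STOREPASS" -keypass "$STOREPASS" -keyalg RSA \
        -validity 731 -alias "$1" -dname "CN=$2"
}

# list_store: print the keystore listing (one "alias, date, type," line per entry).
list_store() {
    "$KEYTOOL" -list -keystore "$KEYSTORE" -storetype JCEKS -storepass "$STOREPASS"
}

# missing_aliases: read `keytool -list` output on stdin and print every required
# alias that has no entry. Returns 0 only when nothing is missing.
missing_aliases() {
    listing=$(cat)
    missing=""
    for a in $ALIASES; do
        printf '%s\n' "$listing" | grep -q "^$a, " || missing="$missing $a"
    done
    missing=${missing# }
    if [ -n "$missing" ]; then
        printf '%s\n' "$missing"
        return 1
    fi
    return 0
}

# Usage: sh make-vcd-keystore.sh <http FQDN> <console proxy FQDN>
# Does nothing unless the vCD-bundled keytool is installed and two names are given.
if [ -x "$KEYTOOL" ] && [ $# -eq 2 ]; then
    if [ -e "$KEYSTORE" ]; then   # stale keystore: see the troubleshooting list
        echo "remove the existing $KEYSTORE first" >&2; exit 1
    fi
    gen_cert http "$1" && gen_cert consoleproxy "$2" || exit 1
    list_store | missing_aliases >/dev/null || { echo "keystore incomplete" >&2; exit 1; }
    echo "http and consoleproxy are both present in $KEYSTORE"
fi
```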

Please share the progress of your vCloud Director testing in the comments section below. I’ll be blogging more of my experiences in the upcoming weeks.
