Monday, March 19, 2012

How to make vCloud keytool Self Signed Certificates that last more than the default of 120 days

For my testing lab, I get tired of replacing the SSL self-signed cert every 4 months; this should make it last for 9999 days, or 27 years.  It also assumes you installed Java JRE version 1.6.0_29.  Obviously you may need to modify this to fit your environment. Using a self-signed cert is bad for security, and using the same cert for both http and consoleproxy, as I’m doing below, is also bad for security.  And using a password of password isn’t something I do even in my lab.

Step 1: Create New Certs

/usr/java/jre1.6.0_29/bin/keytool -keystore /opt/vmware/certificates.ks -storetype JCEKS -storepass password -validity 9999 -genkey -keyalg RSA -alias http

/usr/java/jre1.6.0_29/bin/keytool -keystore /opt/vmware/certificates.ks -storetype JCEKS -storepass password -validity 9999 -genkey -keyalg RSA -alias consoleproxy

Step 2: Stop vCloud Service

service vmware-vcd stop

Step 3: Go through configure wizard to replace certificates

/opt/vmware/vcloud-director/bin/configure

Step 4: The service should restart at the end of the configure command, so there really is no step 4 other than to bring up your vCloud web page and examine the certificate to see your new extended certificate.
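
The lifetime of each alias can also be checked from the keystore listing instead of the browser. The script below is an added example, not part of the original post: it parses the text printed by keytool -list -v, its function names are made up for illustration, and the sample listing is constructed.

```sh
#!/bin/sh
# Added example: check certificate lifetimes in the text printed by keytool -list -v.
# Real use (binary, keystore and options as in Step 1):
#   /usr/java/jre1.6.0_29/bin/keytool -list -v -keystore /opt/vmware/certificates.ks \
#       -storetype JCEKS -storepass password | check_vcloud_aliases 9999

# Print "<alias> <days from notBefore to notAfter>" per entry (date-only arithmetic).
validity_days() {
  awk '
    function jdn(y, m, d,   a) {          # Gregorian date -> Julian day number
      a = int((14 - m) / 12); y = y + 4800 - a; m = m + 12 * a - 3
      return d + int((153 * m + 2) / 5) + 365 * y \
               + int(y / 4) - int(y / 100) + int(y / 400) - 32045
    }
    BEGIN { split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", n, " ")
            for (i = 1; i <= 12; i++) mon[n[i]] = i }
    /^Alias name:/ { alias = $3 }
    /^Valid from:/ {
      # Fields: Valid from: Dow Mon DD time TZ YYYY until: Dow Mon DD time TZ YYYY
      print alias, jdn($15, mon[$11], $12) - jdn($8, mon[$4], $5)
    }'
}

# Succeed only if both vCloud aliases exist and each is valid for at least $1 days.
check_vcloud_aliases() {
  want=$1; report=$(validity_days); rc=0
  for a in http consoleproxy; do
    days=$(printf '%s\n' "$report" | awk -v a="$a" '$1 == a { print $2; exit }')
    if [ -z "$days" ]; then echo "MISSING $a"; rc=1
    elif [ "$days" -lt "$want" ]; then echo "SHORT $a ($days days)"; rc=1
    else echo "OK $a ($days days)"; fi
  done
  return $rc
}

# Constructed sample listing (not captured from a real system): http was created
# with -validity 9999, consoleproxy was left at a 120-day lifetime.
SAMPLE='Alias name: http
Valid from: Mon Mar 19 10:00:00 UTC 2012 until: Thu Aug 04 10:00:00 UTC 2039
Alias name: consoleproxy
Valid from: Mon Mar 19 10:00:00 UTC 2012 until: Tue Jul 17 10:00:00 UTC 2012'

# Demo run on the sample: reports http as OK and consoleproxy as SHORT.
printf '%s\n' "$SAMPLE" | check_vcloud_aliases 9999 || true
```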
