Importing vCloud Air SSL Certificate on the vCenter Server Appliance 5.x

by Christian Mohn

I’m playing around a bit with vCloud Air and Virtual Private Cloud OnDemand, and in order to set up the vCloud Hybrid Service plugin in the vSphere Web Client you need to import the vCloud Air SSL certificate into vCenter. If the certificate isn’t present in the vCSA keystore when you try to authenticate with vCloud Air, you get a “Server Certificate not Verified” error, and you will be unsuccessful in configuring the plugin.

The “Using the vCloud Hybrid Service vSphere Client Plug-in” document outlines how this can be accomplished, but it’s based on downloading the SSL certificate via a browser and then importing it into the vCenter Keystore. Since I mostly run the vCenter Server Appliance, I didn’t want to bother with downloading it from one of my desktops, and copying the files over to the vCSA for import.

I mean, there has to be a better way to do that, via the command line, right? Indeed there is: this little one-liner downloads and formats the certificate from to /tmp on the vCSA, and then proceeds to import it into the keystore.

echo -n | openssl s_client -connect | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /tmp/vchs.cer && /usr/java/jre-vmware/bin/keytool -alias vchs -v -keystore /usr/lib/vmware-vsphere-client/server/configuration/keystore -storepass changeit -import -file /tmp/vchs.cer

All you have to do is press ‘y’ to confirm the import:

Trust this certificate? [no]: y
Certificate was added to keystore
[Storing /usr/lib/vmware-vsphere-client/server/configuration/keystore]
vcenter:/tmp #

And there it is, you can now add your vCloud Air credentials via the vSphere Web Client, without having to copy any files from your browser/desktop to the vCSA.
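The one-liner above trusts whatever certificate the server presents at the moment it is fetched. As an added example (not code from the original post), this script compares the fetched certificate's SHA-256 fingerprint with one obtained out of band before importing it. The function names, the use of `-noprompt`, and the HOST:PORT and fingerprint arguments are assumptions; the keytool path, keystore path, alias and store password are the ones used in the post.

```shell
#!/bin/sh
# Added example: import the certificate only if its SHA-256 fingerprint matches
# a value obtained out of band. Paths and alias are the ones used in the post.
KEYTOOL=/usr/java/jre-vmware/bin/keytool
KEYSTORE=/usr/lib/vmware-vsphere-client/server/configuration/keystore

# Keep only the PEM block from `openssl s_client` output (same sed filter as the post).
extract_pem() {
    sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'
}

# Normalise a fingerprint: drop any "label=" prefix, colons and spaces; upper-case it.
normalize_fp() {
    printf '%s' "$1" | sed -e 's/^.*=//' | tr -d ': \n' | tr 'abcdef' 'ABCDEF'
}

# Succeed only when both fingerprints are non-empty and identical after normalisation.
fp_matches() {
    a=$(normalize_fp "$1"); b=$(normalize_fp "$2")
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Usage: import_pinned HOST:PORT EXPECTED_SHA256_FINGERPRINT (both are assumptions)
import_pinned() {
    target=$1; expected=$2
    cert=$(mktemp /tmp/vchs.XXXXXX) || return 1
    openssl s_client -connect "$target" </dev/null 2>/dev/null | extract_pem > "$cert"
    if [ ! -s "$cert" ]; then
        echo "no certificate received from $target" >&2; rm -f "$cert"; return 1
    fi
    actual=$(openssl x509 -noout -fingerprint -sha256 -in "$cert")
    if ! fp_matches "$actual" "$expected"; then
        echo "fingerprint mismatch, not importing: $actual" >&2; rm -f "$cert"; return 1
    fi
    # The fingerprint check replaces the interactive "Trust this certificate?" prompt.
    "$KEYTOOL" -import -noprompt -alias vchs -v -keystore "$KEYSTORE" \
        -storepass changeit -file "$cert"
    rc=$?; rm -f "$cert"; return $rc
}

# Run only when both arguments are given, so sourcing the file has no side effects.
if [ "$#" -eq 2 ]; then import_pinned "$1" "$2"; fi
```
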

Post last updated on July 11, 2018: Replace cmohn with Christian Mohn as author

About the author

Christian Mohn works as a Chief Technologist SDDC for Proact in Norway.

See his About page for more details, or find him on Twitter.