Hello guys,
I'm doing a lab for vCloud Director 9.1 and have doubts about how to use wildcard certificates.
My lab has 3 nodes with vCenter 6.5, and has 2 cells load balanced in NSX.
When I access the URL of the LB (https://vcloudlb.lab.local/cloud), I can reach the vCloud portal without problems.
During the installation on the primary cell I ran:
keytool -keystore certificates.ks -alias http -storepass Passw0rd -keypass Passw0rd -storetype JCEKS -genkeypair -keyalg RSA -keysize 2048 -validity 3650 -dname "CN=vcloudlb.lab.local, OU=LAB, O=LAB, L=Providencia S=Providencia C=CO" -ext "san=dns:vcloudlb.lab.local,dns:vcloudlb,ip:192.168.112.190"
keytool -keystore certificates.ks -alias consoleproxy -storepass Passw0rd -keypass Passw0rd -storetype JCEKS -genkeypair -keyalg RSA -keysize 2048 -validity 3650 -dname "CN=vcloudplb.lab.local, OU=LAB, O=LAB, L=Providencia S=Providencia C=CO" -ext "san=dns:vcloudplb.lab.local,dns:vcloudplb,ip:192.168.112.191"
After that I ran:
keytool -keystore certificates.ks -storetype JCEKS -storepass Passw0rd -certreq -alias http -file http.csr
keytool -keystore certificates.ks -storetype JCEKS -storepass Passw0rd -certreq -alias consoleproxy -file consoleproxy.csr
Now, if I wanted to publish my lab to the outside in order to publish services, and I would like to use a wildcard *.lab.local certificate, for example from GoDaddy, do I need to send the http.crt and consoleproxy.crt?
I read this page https://bakingclouds.com/installing-wildcard-signed-ssl-certificates-in-vcloud-director-9-1/ but I am confused about how the wildcard should be used.
Thanks for your help
Sebastian
Hi,
For outside connectivity, you need a public IP and a VIP behind a load balancer.
In our case, we don't use an NSX Edge for LB; we use a Fortinet for the load balancing, with no SSL offloading, only forwarding requests from outside (443) to both cells (active/passive mode).
The URL (based on your wildcard) needs to point to the VIP.
Example:
vcd.portal.lab.local ==> X.X.X.X (public IP), and the LB will forward requests on port 443 to cell 1 and cell 2 (port 443).
And I have also followed the article below.
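
Added example, not part of the thread: a wildcard name such as *.lab.local stands for exactly one leftmost DNS label, so it is worth checking every endpoint name (portal, console proxy, public URL) against it before ordering the certificate. The function names below are hypothetical; the hostnames are the ones mentioned in the posts above.

```shell
#!/bin/sh
# Added example: check which endpoint hostnames a certificate name covers,
# using the usual TLS rule that "*" matches one whole leftmost label only.

# Lower-case a string (DNS names compare case-insensitively).
lc() { printf '%s' "$1" | tr 'A-Z' 'a-z'; }

# cert_name_covers NAME HOST -> exit status 0 if NAME covers HOST.
cert_name_covers() {
    name=$(lc "$1")
    host=$(lc "$2")
    host=${host%.}                      # ignore a trailing root dot
    case $name in
        \*.*)
            suffix=${name#\*}           # "*.lab.local" -> ".lab.local"
            case $host in
                *"$suffix") ;;          # host must end with the suffix
                *) return 1 ;;
            esac
            left=${host%"$suffix"}      # what the "*" would have to match
            [ -n "$left" ] || return 1  # the bare domain is not covered
            case $left in
                *.*) return 1 ;;        # more than one label: not covered
            esac
            return 0
            ;;
        *)
            [ "$name" = "$host" ]       # non-wildcard: exact match only
            ;;
    esac
}

# uncovered NAME HOST... -> print each HOST that NAME does not cover.
uncovered() {
    pat=$1
    shift
    for h in "$@"; do
        cert_name_covers "$pat" "$h" || printf '%s\n' "$h"
    done
    return 0
}

# Hostnames taken from the posts above; prints the ones *.lab.local misses.
uncovered '*.lab.local' vcloudlb.lab.local vcloudplb.lab.local vcd.portal.lab.local
```

Any name this prints needs its own SAN entry or a different wildcard (for a two-label name, one issued for that subdomain).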