VMware Integrated OpenStack (VIO) enables SSL encryption by default and will be installed with a self-signed certificate. In order to provide your own certificate from a trusted CA, the VIO management VM includes command-line tools for the vSphere administrator.

The first step is to generate the CSR for the environment.

$ sudo viocli deployment cert-req-create

The workflow will ask for some details and then output the CSR, which you can provide to your trusted CA of choice.

After you receive your signed certificate, append all of the CRT files to a single file.

$ cat intermediate1.crt intermediate2.crt root.crt server.crt >> /path/certificate.crt

The final step is to push the new certificate out to the VIO Load Balancers running in the environment.

$ sudo viocli deployment cert-update -p -f /path/certificate.crt

The output will include the following:

Once completed, you can check to see that the new certificate(s) were installed properly by logging into the Load Balancer VMs.

$ ssh usa1-2-violb1
$ cd /etc/ssl
$ sudo cat vio.pem