Let's Encrypt and VCD

Using Let's Encrypt to automate SSL certificates for VCD

Posted by : on

Category : daily   vcd


Several years ago, my friend Tomas Fojta wrote a blog article on how to automate updating SSL Certificates for VCD. I appreciate his work and have borrowed it for my own project. The project that I have underway is a new VCD 10.6.1.1 lab. We secure it using SSL certificates from Let’s Encrypt. Our security team handles the process of getting the new certificate and applying it to the AVI load balancer that fronts VCD for this lab. That certificate is then passed to me for it to be uploaded into the public address configuration within VCD. This last part is where I wanted to borrow Tomas’ work and modify it.

Since the cert is already generated, I only needed to modify Tomas’ work for the VCD portion. If viewing his script from the above URL, we are replacing lines 91 to eof with my code below. For this example, the Root, Issuer, and Load Balancer certs have all been copied to the location of the script. In addition, notice that the API header for authorization has changed. And lastly, the GeneralSettings.SystemExternalAddressPublicCertChain has been deprecated and replaced with GeneralSettings.TenantPortalPublicCertChain. Making these changes to his script will allow the new Let’s Encrypt certificates to be uploaded into the VCD public addresses configuration.

##Update vCloud Director with new certificates
##Variables
$Vcd = "<vcd-url>"
$VcdAdmin = "<vcd-system-admin>"
$VcdPassword = "<vcd-system-admin-password>" 

##Cert Info
$RootCert = Get-Content -Path "<let's encrypt root cert>" -Raw
$IssuerCert = Get-Content -Path "<let's encrypt issuer cert>" -Raw
$LBCertificate = Get-Content -Path "<vcd load balancer cert>" -Raw 

##Connect to VCD
$VcdSession = Connect-CIServer $Vcd -User $VcdAdmin -Password $VcdPassword

##API Connection 
$Uri = "https://"+$Vcd+"/api/admin/extension/settings/general"
$head = @{"Authorization"=$VcdSession.SessionSecret} + @{"Accept"="application/*;version=39.1"}

##API Call to fetch the vcd settings
$r = Invoke-WebRequest -URI $Uri -Method Get -Headers $head -ErrorAction:Stop
[xml]$sxml = $r.Content

##Modify the settings
$sxml.GeneralSettings.RestApiBaseUriPublicCertChain = $LBCertificate + $IssuerCert + $RootCert
$sxml.GeneralSettings.TenantPortalPublicCertChain = $LBCertificate + $IssuerCert + $RootCert
 
# API Call to put updated settings back
$r = Invoke-WebRequest -URI $Uri -Method Put -Headers $head -ContentType "application/vnd.vmware.admin.generalSettings+xml" -Body $sxml.OuterXML -ErrorAction:Stop

About Sam Aaron
Sam Aaron

Father, Husband, Geek. Workaholic.

Email : mail@micronauts.us

Website : http://micronauts.us

About Sam Aaron

Father. Husband. Geek. Workaholic. US Marine Corps Veteran.

Sam Aaron is a Senior Consultant in the Professional Services Organization for Entelligence, bringing over a decade of expertise in enterprise cloud automation and infrastructure. Sam has spent almost eleven years at VMware leading cloud automation initiatives using VCF Automation (formerly Aria Automation & vRA) and designing scalable, multi-tenant environments with VMware Cloud Director (vCD).

Sam holds multiple certifications including VCF-Architect 2024, VCIX-CMA, and dual VCPs (DCV & CMA), and is a recognized contributor to VMware’s certification exams. As a VMware Hands-On Lab (HOL) Captain and content author from 2015-2025, Sam played a key role in educating and mentoring the global VMware community. He helped to create and develop the automation challenge and troubleshooting labs for VMworld and global virtual forums.

When Sam is not working, he has several hobbies, among these are 3D printing Star Wars robots and turning them into animatronics.

Launched in April 2010, micronauts is Sam's online presence. Here, he has been blogging and sharing knowledge with the virtualization community. This blog acts as a central repository to retain the resolutions and other trivial knowledge that Sam has discovered.

** No information provided here was reviewed or endorsed by VMware by Broadcom, Microsoft, or anyone else for that matter. All information here are opinions based on Sam's personal experience. Use this knowledge at your own risk. **

Star
Categories
  • esx
  • vmware
  • linux
  • vmtools
  • p2v
  • commandline
  • vmnic
  • solaris
  • ssh
  • script
  • daily
  • dos
  • lab
  • project
  • network
  • powercli
  • troubleshooting
  • vcenter
  • windows
  • vmware-kb
  • howto
  • powershell
  • storage
  • netapp
  • tools
  • svmotion
  • vcloud
  • vra
  • automation
  • vcloud-director
  • tips
  • nsx
  • jekyll
  • guides
  • sample_category
  • github
  • vcd
    • Useful Links
  • Home
  • About
  • Blog
  • Gallery