VMware's vCloud Director (vCD) and vCloud Availability (vCAV) come with only TLS v1.1 and v1.2 enabled out of the box. This process shows how to enable TLS v1. If more information is needed, see VMware's documentation on vCloud Director 8.20 or KB2145796.

Complete this work after hours: you will inevitably be moving the vCD proxy service from one cell to another, which could cause a brief outage for customers. The process requires taking the cell offline, so do the cells one at a time, starting with a cell that is not running the inventory service.
- Open an SSH session to a vCD cell, or vCAV cloud proxy cell, and su to root.
- Change to the /opt/vmware/vcloud-director/bin/ directory.
- Use the Cell Management Tool to quiesce the cell. This moves active jobs over to another cell and cleanly shuts down the cell. Make a note of which vCD cell has the proxy service enabled, and leave that cell until last.
# ./cell-management-tool -u administrator cell --quiesce true
- Get the status of any running jobs on each cell. Verify that Job count = 0, Is Active = false, and In Maintenance Mode = false.
# ./cell-management-tool -u administrator cell --status
Example Output:
Job count = 0
Is Active = false
In Maintenance Mode = false
- Shut the cell down to prevent any other jobs from becoming active on the cell.
# ./cell-management-tool -u administrator cell --shutdown
Example Output:
Cell successfully deactivated and all tasks cleared in preparation for shutdown
Stopping vmware-vcd-watchdog: [ OK ]
Stopping vmware-vcd-cell: [ OK ]
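- Run the following command on the vCD cell in /opt/vmware/vcloud-director/bin/ to enable TLS v1. The -d option lists the protocols to leave disabled; TLSv1 is not in that list, so it becomes allowed.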
# ./cell-management-tool ssl-protocols -d SSLv3,SSLv2Hello
- Start the cell service, then validate from the UI that a vCD cell has the listener service running and that vCenter is connected to one of the cells.
# service vmware-vcd start
- To validate that TLS v1 has been enabled on the vCD cell, or vCAV cloud proxy cell, run the following command:
# ./cell-management-tool ssl-protocols -l
Example output:
Allowed SSL protocols:
* TLSv1.2
* TLSv1.1
* TLSv1
- If you have additional VCD cells, or vCAV cloud proxy cells, repeat this process one at a time.
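The two verification points in this procedure (the status check before shutdown and the protocol listing afterwards) can be scripted so that every cell is checked the same way. The following is an added example, not part of the original post or of VMware's tooling; the function names and sample data are hypothetical, and the output formats are assumed to match the example output shown above.

```shell
#!/bin/sh
# Added example, not VMware tooling. Both functions read tool output on stdin;
# the line formats are assumed to match the example output shown on this page.

# Succeeds only when the status output shows the three values the procedure
# says to verify: Job count = 0, Is Active = false, In Maintenance Mode = false.
status_is_quiesced() {
    awk -F'=' '
        { key = $1; val = $2
          gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val) }
        key == "Job count"           { jobs = val }
        key == "Is Active"           { active = val }
        key == "In Maintenance Mode" { maint = val }
        END { exit !(jobs == "0" && active == "false" && maint == "false") }'
}

# Succeeds only when the allowed-protocol list equals the expected set exactly,
# so a missing TLSv1 or a leftover SSLv3/SSLv2Hello both count as failures.
protocols_match() {
    want=$(printf '%s\n' "$@" | sort -u | tr '\n' ' ')
    got=$(tr -c 'A-Za-z0-9.' '\n' | grep -E '^(TLSv|SSLv)[0-9A-Za-z.]+$' \
          | sort -u | tr '\n' ' ')
    [ "$got" = "$want" ]
}

# Constructed sample output (not captured from a real cell).
SAMPLE_QUIESCED='Job count = 0
Is Active = false
In Maintenance Mode = false'
SAMPLE_BUSY='Job count = 3
Is Active = true
In Maintenance Mode = false'
SAMPLE_PROTOCOLS='Allowed SSL protocols:
* TLSv1.2
* TLSv1.1
* TLSv1'
SAMPLE_SSLV3_LEFT_ON='Allowed SSL protocols:
* TLSv1.2
* TLSv1.1
* TLSv1
* SSLv3'

# Intended use on a cell (same commands as in the steps above):
#   ./cell-management-tool -u administrator cell --status | status_is_quiesced \
#       && ./cell-management-tool -u administrator cell --shutdown
#   ./cell-management-tool ssl-protocols -l | protocols_match TLSv1 TLSv1.1 TLSv1.2
```

Because the protocol check is an exact-set comparison, it also flags a cell where SSLv3 or SSLv2Hello was left allowed by mistake.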