A publicly trusted certificate for the fully qualified domain name of cloud proxy VIP must be imported to the cloud proxy cell with the http alias. Another certificate must be present with the alias consoleproxy even though it will be unused. This is because the cloud proxies should not be used for VM console proxy sessions. Both certificates are imported with the same process as vCloud Director cell certificates.

Because each cloud proxy is accessed from the internet under two different FQDNs (cloud proxy VIP in Table 4 and specific cloud proxy FQDN in Table 5), the http certificate must match both FQDNs. The easiest approach is to use a wild card certificate. If that is not possible, certificates with Subject Alternate Name (listing both FQDNs) can be used instead.