How to replace NSX Manager SSL Certificate

Page content

How to replace NSX Manager SSL Certificate - Logo

I am working on daily basis with many Customers in CEMEA region. Pretty much all of them are large Enterprises where a focus on security is quite high. As the best practice, it is recommended to replace self-signed SSL Certificates with Certificate Authority Certificates.

I already did few post about SSL Certificate replacement:

Like every component NSX Manager has web based admin interface which is accessible via secured protocol. Today, I will show you how to replace NSX Manager SSL Certificate with CA SSL Certificate.

How to replace NSX Manager SSL Certificate?

Replacement of NSX Manager SSL Certificate doesn’t take much time. The most problems you might have is when root and intermediate certificate have to be combined with NSX Manager SSL Certificate.

  1. Login to NSX Manager and click Manage Appliance Settings.

    How to replace NSX Manager SSL Certificate - 1

  2. Go to SSL Certificates.

    How to replace NSX Manager SSL Certificate - 2

  3. Click Generate CSR and fill all needed fields. Take a look on my CSR.

    How to replace NSX Manager SSL Certificate - 3

  4. Download CSR and upload it to CA for approval. vSphere 6.0 SSL Certificate template is configured by following VMware KB: Creating a Microsoft Certificate Authority Template for SSL certificate creation in vSphere 6.0 (2112009).

    How to replace NSX Manager SSL Certificate - 5

  5. Combine SSL Certificates for NSX Manager. In order to be able to import NSX SSL Certificate, it has to be merged with Intermediate and/or Root CA. It can be done in a text editor or command line. The most important thing is to remember the order
NSX SSL Certificate → Intermediate CA → Root CA
  1. After the successful combining of both files, certificate looks ok.

    How to replace NSX Manager SSL Certificate - 5

  2. The last step is to import it into NSX Manager. Click Import, choose file and click once again Import.

    How to replace NSX Manager SSL Certificate - 6

  3. If every step was followed we just need to reboot NSX Manager appliance.

    How to replace NSX Manager SSL Certificate - 7

  4. Reboot takes a moment to complete and after the refresh of NSX Manager web page, we see that NSX Manager SSL Certificate was replaced.

Summary

I hope this post was informative for you and you will wait for a new post on my blog.