How to replace NSX Manager SSL Certificate - Logo

I am working on daily basis with many Customers in CEMEA region. Pretty much all of them are large Enterprises where a focus on security is quite high. As the best practice, it is recommended to replace self-signed SSL Certificates with Certificate Authority Certificates.

I already did few post about SSL Certificate replacement:

Like every component NSX Manager has web based admin interface which is accessible via secured protocol. Today, I will show you how to replace NSX Manager SSL Certificate with CA SSL Certificate.

How to replace NSX Manager SSL Certificate?

Replacement of NSX Manager SSL Certificate doesn’t take much time. The most problems you might have is when root and intermediate certificate have to be combined with NSX Manager SSL Certificate.

    1. Login to NSX Manager and click Manage Appliance Settings.
      How to replace NSX Manager SSL Certificate - 1
    2. Go to SSL Certificates.
      How to replace NSX Manager SSL Certificate - 2
    3. Click Generate CSR and fill all needed fields. Take a look on my CSR.
      How to replace NSX Manager SSL Certificate - 3
    4. Download CSR and upload it to CA for approval. vSphere 6.0 SSL Certificate template is configured by following VMware KB: Creating a Microsoft Certificate Authority Template for SSL certificate creation in vSphere 6.0 (2112009).
      How to replace NSX Manager SSL Certificate - 4
    5. Combine SSL Certificates for NSX Manager. In order to be able to import NSX SSL Certificate, it has to be merged with Intermediate and/or Root CA. It can be done in a text editor or command line. The most important thing is to remember the order

      NSX SSL Certificate → Intermediate CA → Root CA

    6. After the successful combining of both files, certificate looks ok.
      How to replace NSX Manager SSL Certificate - 5
    7. The last step is to import it into NSX Manager. Click Import, choose file and click once again Import.
      How to replace NSX Manager SSL Certificate - 6
    8. If every step was followed we just need to reboot NSX Manager appliance.
      How to replace NSX Manager SSL Certificate - 7
    9. Reboot takes a moment to complete and after the refresh of NSX Manager web page, we see that NSX Manager SSL Certificate was replaced.

Summary

I hope this post was informative for you and you will wait for a new post on my blog.

How to replace NSX Manager SSL Certificate
5 (100%) 1 vote
Wojciech Marusiak
Social Media

Wojciech Marusiak

Senior Solutions Cloud Architect at Consort CT
I am innovative and experienced VMware and Windows Server Engineer with over 10 years in the IT industry specializing in VMware virtualization and Microsoft Server environment.

My experience and skills have been proven by leading vendor certifications like VMware Certified Implementation Expert 6 – Data Center Virtualization, VMware Certified Advanced Professional 6 – Data Center Virtualization Design, VMware Certified Professional 6 - Data Center Virtualization, VMware Certified Professional 6 - Network Virtualization, AWS Certified Solutions Architect - Associate, ITIL V3, VMware vExpert 2014 - 2017 and VMware vExpert NSX 2017 Award.

My blog wojcieh.net - was voted #43 in Top vBlog 2017 contest!
Wojciech Marusiak
Social Media

Latest posts by Wojciech Marusiak (see all)