Network Virtualization – It is just about sharing…

Nov

2017

November 17th, 2017 by axel

Let’s keep with the VMware product SSL certificates replacement serie.

I assume here that you already prepared your PKI. If you did not managed it yet check KB2112009.

Today we’ll be talking about NSX certificates.
Installing trusted certificate is quite easy in NSX. The action relies on four steps :

Create the NSX CSR
Generate the signed certificate
Build the certificates chain
Import the certificate

Create the NSX CSR

From the NSX Manager administration interface (reachable via http://NSXManager-FQDN with admin account and “default” as password if you did not change it) :

Go to > Manage Appliance Settings > SSL Certificates
Click on “Generate CSR”
Fill the form like that shown below

Once filled and validated
Click on “Download CSR”
Edit the tab so you can copy/paste the content so you can use right after

Generate the signed certificate

From your MS PKI web page (https://PKI-FQDN/certsrv) :

Click on Submit an Advanced Certificate Request > Submit a certificate request by using a base-64-encoded…
Paste the content of the CSR and select the VMware Certificate template

Click on submit
Check the box “Base 64 encoded”
Click on “Download certificate”

Build the certificates chain

At this step you will need to use the Root-CA certificate of your MS PKI.

Before building the SSL chain, verify that the NSX certificate has been correctly created

Edit both NSX and Root-CA certificate with a text editor (notepad ++ for example).
Paste in a new page and in this order the content of the NSX certificate, then the content of the root certificate
Save the new file as nsx-chained.cer

The new chain should be like that :