Category: Network Virtualization

November 17th, 2017 by axel

Let’s keep with the VMware product SSL certificates replacement serie.

I assume here that you already prepared your PKI. If you did not managed it yet check KB2112009.

Today we’ll be talking about NSX certificates.
Installing trusted certificate is quite easy in NSX. The action relies on four steps :

Create the NSX CSR

From the NSX Manager administration interface (reachable via http://NSXManager-FQDN with admin account and “default” as password if you did not change it) :

  • Go to > Manage Appliance Settings > SSL Certificates
  • Click on “Generate CSR”
  • Fill the form like that shown below

  • Once filled and validated
  • Click on “Download CSR”
  • Edit the tab so you can copy/paste the content so you can use right after

Generate the signed certificate

From your MS PKI web page (https://PKI-FQDN/certsrv) :

  • Click on  Submit an Advanced Certificate Request > Submit a certificate request by using a base-64-encoded…
  • Paste the content of the CSR and select the VMware Certificate template

  • Click on submit
  • Check the box “Base 64 encoded”
  • Click on “Download certificate”

Build the certificates chain

At this step you will need to use the Root-CA certificate of your MS PKI.

Before building the SSL chain, verify that the NSX certificate has been correctly created

  • Edit both NSX and Root-CA certificate with a text editor (notepad ++ for example).
  • Paste in a new page and in this order the content of the NSX certificate, then the content of the root certificate
  • Save the new file as nsx-chained.cer

The new chain should be like that :

  • Import the certificate

Go back to the NSX Manager administration interface :

  • Go to > Manage Appliance Settings > SSL Certificates
  • Click this time on “Import”
  • Browse and select the chained created previously

  • As mentioned, the new certificate has been added, reboot the appliance

  • Confirm the reboot , wait a bit and refresh.
  • No more warning 🙂


Thank you guys for reading and as usual, feel free to comment, share and give me support 🙂


Posted in Network Virtualization, NSX Tagged with: ,