NSX : Install a signed SSL certificate
Nov
17
2017
Let’s keep with the VMware product SSL certificates replacement serie.
I assume here that you already prepared your PKI. If you did not managed it yet checkย KB2112009.
Today we’ll be talking about NSX certificates.
Installing trusted certificate is quite easy in NSX. The action relies on four steps :
- Create the NSX CSR
- Generate the signed certificate
- Build the certificates chain
- Import the certificate
From the NSX Manager administration interface (reachable via http://NSXManager-FQDN with admin account and “default” as password if you did not change it) :
- Go to > Manage Appliance Settings > SSL Certificates
- Click on “Generate CSR”
- Fill the form like that shown below
- Once filled and validated
- Click on “Download CSR”
- Edit the tab so you can copy/paste the content so you can use right after
Generate the signed certificate
From your MS PKI web page (https://PKI-FQDN/certsrv) :
- Click onย Submit an Advanced Certificate Request > Submit a certificate request by using a base-64-encoded…
- Paste the content of the CSR and select the VMware Certificate template
- Click on submit
- Check the box “Base 64 encoded”
- Click on “Download certificate”
At this step you will need to use the Root-CA certificate of your MS PKI.
Before building the SSL chain, verify that the NSX certificate has been correctly created
- Edit both NSX and Root-CA certificate with a text editor (notepad ++ for example).
- Paste in a new page and in this order the content of the NSX certificate, then the content of the root certificate
- Save the new file as nsx-chained.cer
The new chain should be like that :
Go back to the NSX Manager administration interface :
- Go to > Manage Appliance Settings > SSL Certificates
- Click this time on “Import”
- Browse and select the chained created previously
- As mentioned, the new certificate has been added, reboot the appliance
- Confirm the reboot , wait a bit and refresh.
- No more warning ๐
Thank you guys for reading and as usual, feel free to comment, share and give me support ๐
Posted in Network Virtualization, NSX Tagged with: Certificates, NSX
How to cleanup a stuck NSX Controller node installation
Mar
05
2017
As I was deploying my first NSX controller cluster, i faced a really annoying issue : The second node deployment was stuck on “Deploying” status.
I had already tried without any improvement to :
- stop the node and restart the manager only
- restart the new node and the manager,
- keep the node running and restart the manager
Unable to cancel, remove, kill (or whatever you want ๐ ) the task, i decided to browse the NSX API guide.
This post will show you the different steps i followed to remove the task from the task queue and redeploy my second node.
| My lab consisted of :
vSphere 5.1 => vCloud director 5.1 => vApp => Nested ESXi 6.0.u1 => vcsa 6.0.u1 (external install) + NSX manager 6.1.4 + NSX controller |
After installing the Firefox REST Client (this post talks about the installation of Firefox RESTClient ):
- I run a GET method to list my controllers and their status via https://NSXManagerIP/api/2.0/vdn/controller.
I was able to confirm the status of the second node
- As the PUT method is not allowed (do not hesitate, please let me know if i am wrong) i had to delete the controller, to do so, i launched a DELETE Method https://NSXManagerIP/api/2.0/vdn/controller/controller-2?forceRemoval=False where controller-2 was the ID of the controller to delete.
I was then able to redeploy my controller ๐
| PS : Notice that if you have to delete the last controller, you will have to force the removal by using the command https://NSXManagerIP/api/2.0/vdn/controller/controller-ID?forceRemoval=True. |
Posted in NSX, Virtualization Tagged with: NSX, SDN, VMware