November 17th, 2017 by axel

Let’s keep with the VMware product SSL certificates replacement serie.

I assume here that you already prepared your PKI. If you did not managed it yet checkย KB2112009.

Today we’ll be talking about NSX certificates.
Installing trusted certificate is quite easy in NSX. The action relies on four steps :

Create the NSX CSR

From the NSX Manager administration interface (reachable via http://NSXManager-FQDN with admin account and “default” as password if you did not change it) :

  • Go to > Manage Appliance Settings > SSL Certificates
  • Click on “Generate CSR”
  • Fill the form like that shown below

  • Once filled and validated
  • Click on “Download CSR”
  • Edit the tab so you can copy/paste the content so you can use right after

Generate the signed certificate

From your MS PKI web page (https://PKI-FQDN/certsrv) :

  • Click onย  Submit an Advanced Certificate Request > Submit a certificate request by using a base-64-encoded…
  • Paste the content of the CSR and select the VMware Certificate template

  • Click on submit
  • Check the box “Base 64 encoded”
  • Click on “Download certificate”

Build the certificates chain

At this step you will need to use the Root-CA certificate of your MS PKI.

Before building the SSL chain, verify that the NSX certificate has been correctly created

  • Edit both NSX and Root-CA certificate with a text editor (notepad ++ for example).
  • Paste in a new page and in this order the content of the NSX certificate, then the content of the root certificate
  • Save the new file as nsx-chained.cer

The new chain should be like that :

  • Import the certificate

Go back to the NSX Manager administration interface :

  • Go to > Manage Appliance Settings > SSL Certificates
  • Click this time on “Import”
  • Browse and select the chained created previously

  • As mentioned, the new certificate has been added, reboot the appliance

  • Confirm the reboot , wait a bit and refresh.
  • No more warning ๐Ÿ™‚


Thank you guys for reading and as usual, feel free to comment, share and give me support ๐Ÿ™‚


Posted in Network Virtualization, NSX Tagged with: ,

March 5th, 2017 by axel

As I was deploying my first NSX controller cluster, i faced a really annoying issue : The second node deployment was stuck on “Deploying” status.

I had already tried without any improvement to :

  • stop the node and restart the manager only
  • restart the new node and the manager,
  • keep the node running and restart the manager

Unable to cancel, remove, kill (or whatever you want ๐Ÿ™‚ ) the task, i decided to browse the NSX API guide.

This post will show you the different steps i followed to remove the task from the task queue and redeploy my second node.

My lab consisted of :

vSphere 5.1 => vCloud director 5.1 => vApp => Nested ESXi 6.0.u1 => vcsa 6.0.u1 (external install) + NSX manager 6.1.4 + NSX controller


After installing the Firefox REST Client (this post talks about the installation of Firefox RESTClient ):

I was able to confirm the status of the second node


I was then able to redeploy my controller ๐Ÿ™‚

PS : Notice that if you have to delete the last controller, you will have to force the removal by using the command https://NSXManagerIP/api/2.0/vdn/controller/controller-ID?forceRemoval=True.

Posted in NSX, Virtualization Tagged with: , ,