NOTE: The script needs to be run on the vCenter (Compute Manager) registered to the VMware NSX Managers, confirm under: System, Fabric, Compute Managers.
The script will only replace the Manager Node Certificate and Cluster (VIP) certificate, it is not intended to be used for any other certificates.
The script is available to download from this KB.
Script Usage:
To see the syntax and commands available, run python nsxVmcaCert.py
# python nsxtVmcaCert.py -f <nsxt_manager_fqdn> -m
# python nsxtVmcaCert.py -f <nsxt_vip_fqdn> -v
The script needs to be re-run for each VMware NSX Manager and VIP that we need to replace the certificates on.
For example:
If we have 3 VMware NSX Manager nodes VIP is configured, we need to run the script 4 times:
python nsxtVmcaCert.py -f <nsx-manager-node1-fqdn> -m
python nsxtVmcaCert.py -f
<nsx-manager-node2-fqdn>
-m
python nsxtVmcaCert.py -f
<nsx-manager-node3-fqdn>
-m
python nsxtVmcaCert.py -f <cluster-vip-fqdn-address> -v
NOTE: The FQDN for the NSX manager can be verified with the below API call, and the same FQDN value must be passed to run the python script for replacing the certificates:GET https://<NSX-Manager-IP>/api/v1/cluster