Handling expired NSX Intelligence node certificate



Article ID: 325117


Products

VMware vDefend Firewall with Advanced Threat Prevention

Issue/Introduction

This article provides the steps for handling an expired NSX Intelligence node certificate.

Environment

VMware NSX-T Data Center 3.x

Resolution

  1. Use CLI to update the certificate on the NSX Intelligence node:

    For example:

    set intelligence node cert-b64-encoded-pem LSAM...UdJT cert-b64-private-key ES8tL...CRJM


  2. Log in to the NSX Manager User Interface (Unified Appliance UI), import the self-signed certificate used in step 1, and note down the certificate ID of this newly created/imported certificate.
     
  3. Get the pace node principal identity ID:

    For example:

    curl -i -k  --request GET 'https://<NSXMGR_IP>/api/v1/trust-management/principal-identities' --header 'Content-Type: application/json' --header 'X-NSX-Username: admin' --header 'Authorization: Basic YWRtaW46QWRtaW4hMjNBZG1pbg=='

    Note: Be sure to note down the "id" of the entry in the output that has "name": "nsx-intelligence" and "node_id": "pace_node".

  4. Update the principal identity of NSX Intelligence node using this curl command:

    For example:

    curl -i -k  --request POST 'https://<NSXMGR_IP>/api/v1/trust-management/principal-identities?action=update_certificate' --header 'X-NSX-Username: admin' --header 'x-allow-overwrite: true' --header 'Authorization: Basic ############taW4hMjNBZG1pbg==' --header 'Content-Type: application/json' --data-raw '{
        "principal_identity_id" : "<principal_identity_id_from_step_3>",
        "certificate_id" : "<certificate_id_from_step_2>"
    }'

  5. Log in to all three NSX Manager nodes (Unified appliances) using SSH and admin user. 
  6. Restart the http service on all three nodes by running this command:

    restart service http
     
  7. Wait for the Unified Appliance cluster to become stable by verifying using this command:

    get cluster status
     
  8. Log in to NSX Intelligence node using SSH and root user and run this command:

    /opt/vmware/pace/server/pace-server-post-cert-node-register.sh
     
  9. Wait for the NSX Intelligence node to come to a stable state by tracking its state from the NSX Manager UI (Unified Appliance UI).
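Steps 3 and 4 are the part of this procedure where a copy-and-paste mistake (wrong principal identity, or the old certificate ID) is easiest to make. The following helper, added here as an illustration and not part of the article or of any VMware tooling, picks the "nsx-intelligence"/"pace_node" entry out of the principal-identities listing and assembles the update_certificate request without sending it; the listing content, IDs and credentials are constructed sample values.

```python
import base64
import json
from typing import Optional

# Constructed sample of the principal-identities listing (field names follow the
# article; the IDs and the extra entry are made-up values, not real NSX output).
SAMPLE_LISTING = json.dumps({"results": [
    {"id": "pi-other-0001", "name": "other-service", "node_id": "other_node",
     "certificate_id": "cert-0001"},
    {"id": "pi-pace-0002", "name": "nsx-intelligence", "node_id": "pace_node",
     "certificate_id": "cert-expired"},
]})


def find_pace_principal_identity(listing_json: str) -> Optional[dict]:
    """Return the single entry with name 'nsx-intelligence' and node_id 'pace_node'
    (the note in step 3), or None if there is no such entry or more than one."""
    entries = json.loads(listing_json).get("results", [])
    matches = [e for e in entries
               if e.get("name") == "nsx-intelligence" and e.get("node_id") == "pace_node"]
    return matches[0] if len(matches) == 1 else None


def build_update_request(nsxmgr_ip: str, username: str, password: str,
                         principal_identity_id: str, new_certificate_id: str,
                         current_certificate_id: Optional[str] = None) -> dict:
    """Assemble the step-4 request (URL, headers, JSON body) without sending it.
    Refuses a no-op update that re-binds the certificate already in use."""
    if current_certificate_id is not None and current_certificate_id == new_certificate_id:
        raise ValueError("new certificate_id equals the one already bound; import the new cert first")
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    return {
        "url": f"https://{nsxmgr_ip}/api/v1/trust-management/principal-identities"
               "?action=update_certificate",
        "headers": {
            "X-NSX-Username": username,
            "x-allow-overwrite": "true",        # needed to replace the existing binding
            "Authorization": f"Basic {token}",  # built at runtime, not pasted into a script
            "Content-Type": "application/json",
        },
        "body": json.dumps({"principal_identity_id": principal_identity_id,
                            "certificate_id": new_certificate_id}),
    }


if __name__ == "__main__":
    pi = find_pace_principal_identity(SAMPLE_LISTING)
    req = build_update_request("<NSXMGR_IP>", "admin", "<password>",
                               pi["id"], "cert-new-0003", pi["certificate_id"])
    print(req["url"])
    print(req["body"])
```

Feed the real GET output from step 3 to find_pace_principal_identity and pass the certificate ID noted in step 2 as new_certificate_id; the returned URL, headers and body map one-to-one onto the curl command in step 4.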