Below error is seen when applying ca signed csr certificate by running POST API call , even though the certificate validation is successful:

https://<nsx-mgr>/api/v1/node/services/http?action=apply_certificate&certificate_id=<certificate_id>

"error code":36237
"error_message":"specificed certificate_id'certificate-id' does not have a private key";

"module_name": "node_services"

CA signed CSR certificate has been directly imported  under certificate tab (without private-key)

System -> Certificates -> Certificate tab -> click 'Import certificate'

This only imports certificate content -  Root CA, Intermediate CA, Leaf certificate and leaves private-key option empty. 

When not having private-key always use CSR tab to import  CA signed CSR certificate 

System -> Certificates -> CSRs tab -> Select the generated CSR certificate  and Click Action and select ' Import certificate for CSR' option -> import the CA signed CSR certificate. 

After importing the CA signed CSR certificate.  The CA signed CSR certificate should reflect under Certificates tab. 

Use the Certificate-id seen under certificate tab of the new CA signed CSR certificate to apply the certificate using api call. 

https://<nsx-mgr>/api/v1/node/services/http?action=apply_certificate&certificate_id=<certificate_id>