Renew or replace the self-signed SSL certificates assigned to various components of NSX version 4.2 and later through the GUI interface only
Article ID: 376246
Updated On:
Products
VMware NSX
Issue/Introduction
From NSX version 4.2 onwards, the NSX Certificate Management introduces operational ease via NSX's revamped certificate management capabilities such as :-
- Certificate replacement (single or multiple) via NSX GUI.
- Renewal of certificates and automatic notifications for expiring certificates
Environment
VMware NSX Version 4.2 and later
Resolution
This procedure applies to all NSX components with self-signed certificates only.
- Log in to the NSX Manager as user admin.
- Navigate to the location, System -> Settings -> Certificate -> Ensure you select the Appliance Option.
- Filter with "Expired Certificate" or "Expiring Certificate" to get list of expired certificates or expiring certificates in 30 days.
- The following certificates of the NSX manager appliance have expired.
- To know more about the types of NSX manager certificate, refer to the documentation -> Replace Certificates Through NSX Manager
- Click on the vertical 3 dots next to the certificate and select Replace Certificate.
- This should prompt a pop-up window as shown below. Ensure the certificate Type is Self Signed and "Select Certificate to Replace With" is "Generate Self Signed Certificate"
- Click on Save
- After clicking on save, ensure there is a notification stating "Certificate Replacement Operation Completed"
- After generating a new self-signed certificate, ensure the following things:
- Certificate has a new UUID.
- Certificate is used by the corresponding NSX manager node.
- Certificate is Valid with proper validity. To know the validity assigned to each certificate type, refer Types of Certificates and Certificates for NSX and NSX Federation
Additional Information
To replace the certificate using the API, refer the article here Replace Certificates Through API
To replace the certificate using the CARR script, refer the article here Using Certificate Analyzer, Results and Recovery (CARR) Script to fix certificate related issues in NSX
Feedback
Yes
No
Powered by
