This article explains how to replace the SSL certificates used by NSX-T (NSX Manager) and links to the documentation you need for each method.
VMware NSX
If you see a warning that certificates are expiring, check the status of all current certificates in System → Certificates. Look at the Validity, Expire Date, and Where Used fields. If Where Used is 0, that certificate is not in use as a cluster or federation certificate.
Here is a screenshot on NSX-T 4.x showing the certificate view:
(NSX-T 4.x System → Certificates page, showing the Validity, Expire Date, and Where Used columns.)
If you're replacing a certificate for a reason other than expiry, first determine whether your environment uses federation, and whether you're replacing only the manager certificates or both the manager and federation certificates.
For details on the certificate types available for replacement, see Types of Certificates.
Determine your requirements:
Generate and sign the replacement certificates using the method that matches your requirements:
Once you've identified which certificates to replace and your requirements for them, follow the matching process below to generate and sign them.
Validate Certificates:
Now that the certificates are imported or generated and signed, verify that NSX-T sees them as valid before assigning them to a service. Run the following API call:
GET https://<nsx-mgr>/api/v1/trust-management/certificates/<cert-id>?action=validateTo find the certificate ID, copy the ID field shown in the NSX Manager UI, or run the following API call to list all certificates and use the value of its id field:GET https://<nsx-mgr>/api/v1/trust-management/certificatesReplace generated certificates:
Before NSX 4.2: API call for replacing the certs are covered in Replace Certificates.
NSX 4.2 and above:
Supporting Documents:
For documentation on the different certificate types for federation and the managers see Certificates for NSX Federation and Types of Certificates.
Known Issues:
replace_cert.py script here to replace them automatically.