| |
Service Type(This is the name to use for all external documentation) |
Application |
Alias |
(Default) algorithm keysize |
Port |
Client/Server |
Description |
Replaceable via UI |
Expiry time |
| 1 |
API |
Reverse Proxy |
tomcat |
RSA 2048 |
443 |
Server |
API server certificate for NSX Manager node |
Y |
825 days |
| 2 |
MGMT_CLUSTER
(aka VIP) |
Reverse Proxy |
mp-cluster |
RSA 2048 |
443 |
Server |
API server certificate for NSX Manager VIP |
Y |
825 days |
| 3 |
APH_TN |
Appliance Proxy |
|
RSA 2048 |
1234 |
Server and Client |
Appliance Proxy server public key |
Y |
3650 days |
| 4 |
APH
(aka APH_AR) |
Appliance Proxy |
|
RSA 2048 |
1236 |
Server |
AR server public key |
Y |
825 days |
| 5 |
CLIENT_AUTH (aka PI) |
UA |
PI alias |
RSA 2048 |
443 |
Client |
API client certificates for Principal Identity (no keys) |
Y |
|
| 6 |
LOCAL_MANAGER |
UA |
LocalManager |
RSA 2048 |
443 |
Client |
LocalManager Principal Identity certificate used to communicate with other sites in Federation |
Y |
825 days |
| 7 |
GLOBAL_MANAGER |
UA |
GlobalManager |
RSA 2048 |
443 |
Client |
GlobalManager Principal Identity certificate used to communicate with other sites in Federation |
Y |
825 days |
| 8 |
CBM_CLUSTER_MANAGER |
CBM |
self |
RSA 2048 |
9000 |
Client |
Corfu Client Certificate |
Y |
100 years |
| 9 |
CBM_CORFU |
CBM |
self |
RSA 2048 |
client port |
Server |
Corfu server certificate |
Y |
100 years |
| 10 |
CCP |
CCP |
self |
RSA 2048 |
1235 |
Server |
CCP certificate |
Y |
3650 days |
| 11 |
K8S_MSG_CLIENT |
NAPP/SSP |
k8s-msg-client |
RSA 2048 |
N/A |
Client |
Message Bus Client for K8S Platform Certificate Profile |
N |
825 days |
| 12 |
COMPUTE_MANAGER |
COMPUTE_MANAGER |
|
|
N/A |
Client |
User will pass certificate while add/edit compute manager, NSX first imports the certificate using trust-management API POST /v1/trust-management/certificates?action=import and uses it in CM and then uses a reserve API to map that certificate for CM POST /v1/trust-management/certificates/<certId>?action=reserve
When deleting the CM, we release certificate /v1/trust-management/certificates/<certId>?action=release and delete it v1/trust-management/certificates/<certId> |
Y |
|
| 13 |
TN |
TN |
N/A |
RSA 2048 |
N/A |
Client |
|
N |
825 days |
| 14 |
WEB_PROXY |
Web (Forward) Proxy |
WEB_PROXY |
certificate is provided by customer, we don't have control on this. |
certificate is provided by customer, we don't have control on this. |
Server |
certificate that used for communicate between NSX - proxy and any outside server(i.e notification watcher) |
Y |
certificate is provided by customer.
|
| 15 |
NAPP_COMMON_AGENT |
SSP |
napp-common-agent |
RSA 2048 |
N/A |
Client |
SSP client certificate for communicating with SSP common agent
Only activated after onboarded to SSP |
N |
825 days |
| 16 |
NAPP_PACE_AGENT |
SSP |
napp-intel-agent |
RSA 2048 |
N/A |
Client |
SSP client certificate for communicating with SSP intelligence agent
Only activated after onboarded to SSP |
N |
825 days |
| 17 |
NAPP_METRICS_AGENT |
SSP |
napp-metrics-agent |
RSA 2048 |
N/A |
Client |
SSP client certificate for communicating with SSP metrics agent
Only activated after onboarded to SSP |
N |
825 days |
| 18 |
LOGGING |
RSYSLOG (For TLS logging server)
LIAGENT (For LI-TLS logging server) |
RSYSLOG(For TLS logging server):
syslog-ca:<exporter_name>
syslog-client-ca:<exporter_name>
RSYSLOG_CLIENT
LIAGENT (For LI-TLS logging server):
Not stored in NSX trust management store |
Keys and certificates are provided by customer, we don't have control on this. |
Keys and certificates are provided by customer. |
Client and Server |
Client certificate and Server certificate for TLS communication between RSYSLOG/LIAGENT running in NSX and remote logging server. |
N |
Keys and certificates are provided by customers
|
| 19 |
NEST_DB |
|
|
|
|
|
|
N |
|
