• After generating a Certificate Signing Request (CSR) in NSX Manager, there is no option to download the private key file along with the CSR.
• Only the CSR file is available for download from the NSX Manager interface.
• The private key file download option is not visible in the certificate management workflow.

VMware NSX

This is expected behavior by design. NSX Manager securely generates and stores the private key internally within the appliance when creating a CSR. The private key is never exposed or made available for download through the NSX Manager interface as a security measure to prevent potential key compromise.

No action is required. Follow the standard NSX certificate workflow:

1. Download the generated CSR from NSX Manager
2. Submit the CSR to your Certificate Authority (CA) for signing
3. Receive the signed certificate from the CA
4. Import the signed certificate back into NSX Manager
5. NSX automatically associates the imported certificate with the stored private key

When the CSR is generated on the NSX appliance:

• The private key is created and stored securely within the appliance's certificate store
• Only the public key is included in the CSR
• The CA uses the public key from the CSR to generate the signed certificate
• Upon certificate import, NSX automatically matches the imported certificate with its corresponding private key

Reference Documentation:

• Create a Certificate Signing Request File: https://techdocs.broadcom.com/us/en/vmware-cis/nsx/vmware-nsx/4-2/administration-guide/certificates/create-a-certificate-signing-request-file.html
• Import CSR Certificate: https://techdocs.broadcom.com/us/en/vmware-cis/nsx/vmware-nsx/4-2/administration-guide/certificates/creating-self-signed-certificates/import-csr-certificate.html

Note: If you need to generate a certificate externally on your CA without using NSX's CSR generation, create both the certificate and private key on the CA, then import both the certificate and private key into NSX using the Import a Certificate function: https://techdocs.broadcom.com/us/en/vmware-cis/nsx/vmware-nsx/4-2/administration-guide/certificates/importing-certificates/import-a-certificate.html

If the issue persists after following these steps, contact Broadcom Support for further assistance.