I work on a daily basis with many customers in the CEMEA region. Pretty much all of them are large enterprises where the focus on security is quite high. As a best practice, it is recommended to replace self-signed SSL certificates with Certificate Authority certificates.
I have already written a few posts about SSL certificate replacement:
- vCenter Server 6.* – Replacing SSL certificates with Custom VMCA
- vCenter Server 6.* – Replacing SSL certificates with Enterprise VMCA
- How to replace VMware ESXi 6.* SSL certificate
Like every component, NSX Manager has a web-based admin interface which is accessible via a secured protocol. Today, I will show you how to replace the NSX Manager SSL certificate with a CA SSL certificate.
How to replace NSX Manager SSL Certificate?
Replacing the NSX Manager SSL certificate doesn't take much time. Most of the problems you might have arise when the root and intermediate certificates have to be combined with the NSX Manager SSL certificate.
- Log in to NSX Manager and click Manage Appliance Settings.
- Go to SSL Certificates.
- Click Generate CSR and fill in all required fields. Take a look at my CSR.
- Download the CSR and upload it to the CA for approval. The vSphere 6.0 SSL certificate template is configured by following the VMware KB: Creating a Microsoft Certificate Authority Template for SSL certificate creation in vSphere 6.0 (2112009).
- Combine the SSL certificates for NSX Manager. To be able to import the NSX SSL certificate, it has to be merged with the Intermediate and/or Root CA certificates. This can be done in a text editor or on the command line. The most important thing is to remember the order:
NSX SSL Certificate → Intermediate CA → Root CA
- After both files have been combined successfully, the certificate looks OK.
- The last step is to import it into NSX Manager. Click Import, choose the file and click Import once again.
- If every step was followed, we just need to reboot the NSX Manager appliance.
- The reboot takes a moment to complete, and after refreshing the NSX Manager web page, we see that the NSX Manager SSL certificate was replaced.
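The combine step above is where most imports fail, so here is an added example (not part of the original post, and not VMware tooling) that joins the files in the required order and checks that order before you upload the bundle. It assumes all inputs are Base64 (PEM) encoded and that the bundle ends with a self-signed root; the function names are hypothetical, and the check compares issuer and subject names byte for byte without verifying signatures.

```python
import base64
import re

BLOCK_RE = re.compile(rb"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.S)

def pem_blocks(data):
    """Return every PEM certificate block found in data, in file order."""
    return BLOCK_RE.findall(data)

def tlv(buf, pos):
    """Decode the DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def issuer_and_subject(block):
    """Return the raw DER issuer and subject Names of one PEM certificate."""
    der = base64.b64decode(b"".join(block.split(b"-----")[2].split()))
    _, pos, _ = tlv(der, 0)        # Certificate SEQUENCE
    _, pos, _ = tlv(der, pos)      # tbsCertificate SEQUENCE
    tag, _, end = tlv(der, pos)
    if tag == 0xA0:                # optional explicit [0] version field
        pos = end
    fields = []
    for _ in range(5):             # serial, signature alg, issuer, validity, subject
        end = tlv(der, pos)[2]
        fields.append(der[pos:end])
        pos = end
    return fields[2], fields[4]

def combine(nsx, intermediate, root):
    """Join blocks as NSX cert, Intermediate CA, Root CA with a newline between each."""
    blocks = pem_blocks(nsx) + pem_blocks(intermediate) + pem_blocks(root)
    return b"\n".join(blocks) + b"\n"

def chain_problems(bundle):
    """List ordering problems in a PEM bundle; an empty list means the order is right."""
    names = [issuer_and_subject(b) for b in pem_blocks(bundle)]
    if not names:
        return ["no certificates found"]
    problems = [f"certificate {i + 1} is not issued by certificate {i + 2}"
                for i in range(len(names) - 1) if names[i][0] != names[i + 1][1]]
    if names[-1][0] != names[-1][1]:
        problems.append("last certificate is not a self-signed root")
    return problems
```

Read the three files as bytes, pass them to `combine()`, and write the result to disk only when `chain_problems()` returns an empty list. Pass `b""` for the intermediate when the root CA issued the NSX Manager certificate directly.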
I hope this post was informative for you and you will wait for a new post on my blog.