Replace the default certificates on the remaining Global Manager nodes.

Table 1. URLs for Replacing the Global Manager Node Certificates
NSX Manager Node POST URL for Certificate Replacement
gm_node2_fqdn https://gm_node2_fqdn/api/v1/node/services/http?action=apply_certificate&certificate_id=gm_vip_fqdn_certificate_ID
gm_node3_fqdn https://gm_node3_fqdn/api/v1/node/services/http?action=apply_certificate&certificate_id=gm_fqdn_certificate_ID
gm_vip_fqdn https://gm_vip_fqdn/api/v1/cluster/api-certificate?action=set_cluster_certificate&certificate_id=gm_vip_fqdn_certificate_ID

Procedure

  1. In a web browser, log in to the active Global Manager at https://gm_vip_fqdn/.
  2. Log in to the host that has access to your data center.
  3. Replace the default certificate for the second Global Manager node with the CA-signed certificate by using the first Global Manager node as a source.
    1. Start the Postman application in your web browser and log in.
    2. On the Authorization tab, configure the following settings.
      Setting Value
      Type Selecr Basic Auth.
      User name Enter admin.
      Password Enter the nsx_admin_password.
    1. Click Update request.
    2. On the Headers tab, enter the header details.
      Setting Value to Select
      Key Content-Type
      Key Value application/xml
    3. In the request pane at the top, send the URL query.
      Setting Value
      HTTP request method Select POST.
      URL Enter https://<gm_node2_fqdn>/api/v1/node/services/http?action=apply_certificate&certificate_id=firstinstance_gm_vip_certificate_ID

      After the NSX Manager appliance responds, the Body tab displays a 200 OK status.

  4. To upload the CA-signed certificate on the third Global Manager node, repeat steps 2 to step 4 with appropriate values.
  5. Restart the second and third Global Manager nodes.
    1. Log in to vCenter Server.
    2. In the inventory expand vCenter Server > Datacenter > Cluster
    3. Right-click the second and third Global Manager nodes and click Actions > Power > Restart guest OS.
  6. Verify the status of each Global Manager node.
    1. In a web browser, log in to the first Global Manager node at https://gm_node1_fqdn/.
    2. For each node, navigate to System > Global Manager Appliances > View Details and confirm that the status is REPO_SYNC = SUCCESS.
  7. Assign a certificate to the Global Manager cluster.
    1. Start the Postman application in your web browser and log in.
    2. On the Authorization tab, configure the following settings.
      Setting Value
      Type Select Basic Auth.
      User name Enter admin.
      Password Enter nsx_admin_password.
    3. Click Update request.
    4. On the Headers tab, add a key as follows.
      Setting Value
      Key Content-Type
      Key Value application/xml
    5. In the request pane at the top, send the URL query.
      Setting Value
      HTTP request method Select POST.
      URL Enter https://<gm_vip_fqdn>/api/v1/node/services/http?action=set_cluster_certificate&certificate_id=firstinstance_gm_vip_certificate_ID

      After the NSX Global Manager sends a response, a 200 OK status is displayed on the Body tab.