Replace the self-signed certificates with OpenSSL-signed certificates generated by SDDC Manager.
- In the navigation pane, click .
- On the Workload Domains page, from the table, in the domain column click the workload domain you want to view.
- On the domain summary page, click the Certificates tab.
- Generate CSR files for the target components.
- From the table, select the check box for the resource type for which you want to generate a CSR.
- Click Generate CSRs.
The Generate CSRs wizard opens.
- On the Details dialog, configure the settings and click Next.
Select the key algorithm for the certificate.
Select the key size (2048 bit, 3072 bit, or 4096 bit) from the drop-down menu.
Optionally, enter a contact email address.
Use this field to differentiate between divisions within your organization with which this certificate is associated.
Type the name under which your company is known. The listed organization must be the legal registrant of the domain name in the certificate request.
Type the city or locality where your company is legally registered.
Type the full name (do not abbreviate) of the state, province, region, or territory where your company is legally registered.
Type the country name where your company is legally registered. This value must use the ISO 3166 country code.
- (Optional) On the Subject Alternative Name dialog, enter the subject alternative name(s) and click Next.
You can enter multiple values separated by comma (,), semicolon (;), or space ( ). For NSX-T, you can enter the subject alternative name for each node along with the Virtual IP (primary) node.Note: Wildcard subject alternate name, such as *.example.com is not recommended.
- On the Summary dialog, click Generate CSRs.
- Generate signed certificates for each component.
- From the table, select the check box for the resource type for which you want to generate a signed certificate.
- Click Generate Signed Certificates.
- In the Generate Certificates dialog box, from the Select Certificate Authority drop-down menu, select OpenSSL.
- Click Generate Certificates.
- Install the generated signed certificates for each component.
- From the table, select the check box for the resource type for which you want to install a signed certificate.
- Click Install Certificates.