After you rotate the Local Manager certificates using SDDC Manager, you obtain the new certificate thumbprint to update it in the Global Manager cluster.

Procedure

  1. In a web browser, log in to Global Manager at https://nsx_gm_vip_fqdn/).
  2. Obtain certificate thumbprint.
    1. Log in to a vCenter Server by using a Secure Shell (SSH) client.
    2. Run the shell command to switch to the bash shell.
    3. Run the command to retrieve the SHA-256 thumbprint of the virtual IP for the NSX Manager cluster certificate. 
      echo -n | openssl s_client -connect nsx_lm_vip_fqdn:443 2>/dev/null | openssl x509 -noout -fingerprint -sha256
    4. Save the thumbprint value.
  3. Update the Local Manager certificate thumbprint in the Global Manager.
    1. On the main navigation bar, click System.
    2. In the navigation pane, select Location Manager.
    3. Under Locations, select the Local Manager instance, and click Actions.
    4. Click Edit Settings and update NSX Local Manager Certificate Thumbprint.
    5. Click Check Compatibility and click Save.
    6. Wait for the Sync Status to display success and verify that all Local Manager nodes appear.
  4. Under Locations, update the Local Manager certificate thumbprint for all the instances.