Restore the NSX Manager SSL Certificate

After you add the new NSX Manager node to the cluster and validate the cluster status, you must restore the SSL certificate to the new node.

To view the certificate of the failed NSX Manager cluster node, you log in to the NSX Manager for the domain.

Table 1. NSX Manager Clusters in the SDDC
NSX Manager Cluster	NSX Manager URL
Management domain NSX Manager cluster	`https://<FQDN of management domain NSX Manager>/login.jsp?local=true`
Workload domain NSX Manager cluster	`https://<FQDN of workload domain NSX Manager>/login.jsp?local=true`

This procedure is an example for restoring the certificate of a management domain NSX Manager cluster node.

Procedure

In a Web browser, log in to the NSX Manager cluster for the management domain.


Setting	Value
URL	`https://<FQDN of management domain NSX Manager>/login.jsp?local=true`
User name	admin
Password	`nsx_admin_password`

On the main navigation bar, click System.
In the left pane, under Settings, click Certificates.
Locate and copy the ID of the certificate that was issued by CA to the node that you are restoring.

Run the command to install the CA-signed certificate on the new NSX Manager node.

curl -H 'Accept: application/json' -H 'Content-Type: application/json'\ --insecure -u 'admin:nsx_admin_password' -X POST\ 'https://nsx_host_node/api/v1/node/services\/http action=apply_certificate&certificate_id=certificate_id'

What to do next

Important:

If assigning the certificate fails because the certificate revocation list (CRL) verification fails, see https://kb.vmware.com/kb/78794. If you disable the CRL checking to assign the certificate, after assigning the certificate, you must re-enable the CRL checking.