To provide role-based access control for Active Directory users after the Active Directory server's certificate is replaced, you must re-establish trust between NSX and Active Directory over LDAPS.

Procedure

  1. Log in to NSX Manager at https://<nsx_manager_fqdn>/login.jsp?local=true as admin.
  2. On the main navigation bar, click System.
  3. In the left pane, click Settings > User management and click the Authentication providers tab.

  4. Click the LDAP tab.

  5. Click the ellipsis for the LDAP domain and click Edit.

  6. Under LDAP servers, click 1.

  7. In the Set LDAP server dialog box, click the ellipsis for the LDAP server and click Edit.

  8. In the Certificate text box, paste the new certificate and click Add.

  9. Click Apply and click Save.

  10. Repeat the procedure for each NSX Local Manager in each workload domain.

  11. Repeat the procedure for the NSX Global Managers of the management domain and each workload domain.
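
The certificate pasted in step 8 becomes the trust anchor for LDAPS, so it is worth confirming that it is the one the Active Directory team issued. The following Python sketch is an added example, not part of the VMware procedure: it fetches the certificate from the LDAPS port and returns a clean PEM only when its SHA-256 fingerprint matches a value obtained out of band. The function names are hypothetical, and the host name and expected fingerprint are supplied by the caller.

```python
import base64
import hashlib
import re
import ssl

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)


def fetch_ldaps_certificate(host, port=636):
    """Fetch the leaf certificate as PEM. The TLS session is not validated,
    so the result is untrusted until its fingerprint has been checked."""
    return ssl.get_server_certificate((host, port))


def der_blocks(pem_text):
    """Decode every CERTIFICATE block in the text to DER bytes."""
    return [base64.b64decode("".join(body.split()))
            for body in PEM_RE.findall(pem_text)]


def sha256_fingerprint(der):
    """SHA-256 of the DER encoding, as colon-separated upper-case hex."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalize(fingerprint):
    """Strip colons, spaces and case so differently formatted values compare."""
    return re.sub(r"[^0-9A-Fa-f]", "", fingerprint).upper()


def certificate_to_paste(pem_text, expected_fingerprint):
    """Return a clean PEM only if it matches the out-of-band fingerprint."""
    blocks = der_blocks(pem_text)
    if len(blocks) != 1:  # this example checks one certificate at a time
        raise ValueError(f"expected one certificate, found {len(blocks)}")
    actual = sha256_fingerprint(blocks[0])
    if normalize(actual) != normalize(expected_fingerprint):
        raise ValueError(f"fingerprint mismatch: got {actual}")
    return ssl.DER_cert_to_PEM_cert(blocks[0])


if __name__ == "__main__":
    # Constructed bytes standing in for a DER certificate (not a real one).
    sample = b"constructed sample, not a real certificate"
    pem = ssl.DER_cert_to_PEM_cert(sample)
    print(certificate_to_paste(pem, sha256_fingerprint(sample)), end="")
```

In use, pass the output of `fetch_ldaps_certificate` for the domain controller to `certificate_to_paste` together with the fingerprint reported by whoever replaced the certificate; a `ValueError` means the certificate should not be pasted into NSX.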

What to do next

Verify that you can successfully log in to the NSX instances with an Active Directory user account. See Verify Authentication to NSX by Using an Active Directory User Account for Identity and Access Management for VMware Cloud Foundation.