If you used another tool, such as OpenSSL, to create the NSX Manager certificate, make sure that the certificate and private key are in the PKCS 12 format. If the NSX Manager certificate and private key are not in the PKCS 12 format, you must convert them to PKCS 12 format and then import the PKCS 12 certificate file into NSX Manager.


  • Verify that OpenSSL is installed on the system. You can download openssl from http://www.openssl.org.
  • Generate a public and private key pair. For example, run the following OpenSSL command:
    openssl req -x509 -days [number of days] -newkey rsa:2048 -keyout my-key.pem -out my-cert.pem


  • After receiving the signed certificate from the authorized signer, run an OpenSSL command to generate a PKCS 12 (.pfx or .p12) keystore file from the public certificate file and your private key.

    For example:

    openssl pkcs12 -export -in my-cert.pem -inkey my-key.pem -out nsx-manager.p12
    • my-cert.pem is the signed certificate.
    • my-key.pem is the private key.
    • nsx-manager.p12 is the name of the generated output file after the conversion to PKCS 12 format.

What to do next

Import the PKCS 12 certificate file into NSX Manager.