To add a server certificate that is chained with the intermediary and root CA certificates, you require a server certificate (PEM file), a private key for the server, an intermediate and a root certificate.


  1. Log in to the vSphere Web Client.
  2. Click Networking & Security > NSX Edges.
  3. Double-click an NSX Edge.
  4. Navigate to Manage > Settings > Certificates.
  5. Click Add, and then click Certificate.
  6. In the Certificates Contents text box, paste the contents of the server cert.pem file, and then append the content of the intermediary certificates and the root certificate.
    In the certificate chain, the order of certificates must be as follows:
    • Server certificate
    • Any number of intermediate CA certificates
    • Root CA certificate

    Each certificate must include the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines, as shown in the following example:

        Server cert
    -----END CERTIFICATE-----
        Intermediate cert
    -----END CERTIFICATE-----
        Root cert
    -----END CERTIFICATE-----
  7. In the Private Key text box, paste the private key contents of the server.

    Following is an example of the private key content:

    -----END RSA PRIVATE KEY-----
  8. Enter the password for the private key of the server and renter the password to confirm.
  9. (Optional) Enter a description for the chained certificate.
  10. Click Add or OK.


After the certificate is added, the server certificate that is chained with its intermediary certificates is displayed in the certificate details.

To view certificates details:
  • In NSX 6.4.4 and later, in the Certificates table, click the text in the Issued To column. Certificate details are displayed in a pop-up window.
  • In NSX 6.4.3 and earlier, select a certificate from the grid. The Certificate Details pane below the grid displays the details of the certificate.