You can generate a certificate signing request (CSR) and get it signed by a certification authority (CA). If you generate a CSR at the global level, it is available to all NSX Edges in your inventory.
Procedure
- Do one of the following:
- Generate a global certificate signing request for the NSX Manager.
- Log in to the NSX Manager virtual appliance.
- Click Manage Appliance Settings, and then click SSL Certificates.
- Click Generate CSR.
- Generate a certificate signing request for an NSX Edge.
- Log in to the vSphere Web Client.
- Navigate to Networking & Security > NSX Edges.
- Double-click an NSX Edge.
- Click Manage > Settings > Certificates.
- Click CSR Actions or Actions, and then click Generate CSR.
- Generate a global certificate signing request for the NSX Manager.
- Type your organization unit and name.
- Type the locality, street, state, and country of your organization.
- Select the encryption algorithm for communication between the hosts.
Attention: SSL VPN-Plus only supports RSA certificates.
- Edit the default key size, if necessary.
- Type a description for the certificate.
- Click OK.
The CSR is generated and displayed in the Certificates list.
- Have an online Certification Authority sign this CSR.
- Do one of the following:
- Import certificate at the global level in the NSX Manager virtual appliance.
- Click the Manage Appliance Settings, and then click SSL Certificates.
- Click Import.
- In the Import SSL Certificate dialog box, click Choose File, and browse to the signed certificate file.
- Click Import.
- Import certificate for the NSX Edge.
- Copy the contents of the signed certificate that you received from the certification authority.
- In the vSphere Web Client, double-click the NSX Edge.
- Click CSR Actions or Actions, and then click Import Certificate.
- In the Import Certificate dialog box, paste the contents of the signed certificate.
- Click OK.
The CA-signed certificate appears in the certificates list. - Import certificate at the global level in the NSX Manager virtual appliance.
