If you need to replace a certificate, for example, if your certificate is expiring, you can make an API call to replace the existing certificate.


Verify that a certificate is available in the NSX Manager. See Create a Self-Signed Certificate and Import a Certificate.


  1. From your browser, log in with admin privileges to an NSX Manager at https://nsx-manager-ip-address.
  2. Select System > Trust from the navigation panel.
  3. Click the Certificates tab.
  4. Click on the ID of the certificate you want to use and copy the certificate ID from the pop-up window.
  5. Use the POST /api/v1/node/services/http?action=apply_certificate API call to replace the existing certificate. For example,
    POST https://<nsx-mgr>/api/v1/node/services/http?action=apply_certificate&certificate_id=e61c7537-3090-4149-b2b6-19915c20504f

    For more information, see the NSX-T API Reference.


The API call restarts the HTTP service so that the service can begin using the new certificate. When the POST request succeeds, the response code is 200 Accepted.