A certificate signing request (CSR) is an encrypted text that contains specific information such as the organization name, common name, locality, and country. You send the CSR file to a certificate authority (CA) to apply for a digital identity certificate.


  • Gather the information that you need to fill out the CSR file. You must know the FQDN of the server and the organizational unit, organization, city, state, and country.
  • Verify that the public and private key pairs are available.


  1. From your browser, log in with admin privileges to an NSX Manager at https://nsx-manager-ip-address.
  2. Select System > Trust from the navigation panel.
  3. Click the CSRs tab.
  4. Click Generate CSR.
  5. Complete the CSR file details.
    | Option | Description |
    |---|---|
    | Name | Assign a name for your certificate. |
    | Common Name | Enter the fully qualified domain name (FQDN) of your server. For example, test.vmware.com. |
    | Organization Name | Enter your organization name with applicable suffixes. For example, VMware Inc. |
    | Organization Unit | Enter the department in your organization that is handling this certificate. For example, IT department. |
    | Locality | Add the city in which your organization is located. For example, Palo Alto. |
    | State | Add the state in which your organization is located. For example, California. |
    | Country | Add the country in which your organization is located. For example, United States (US). |
    | Message Algorithm | Set the encryption algorithm for your certificate. RSA encryption is used for digital signatures and encryption of the message. Therefore, it is slower than DSA when creating an encrypted token but faster to analyze and validate this token. This encryption is slower to decrypt and faster to encrypt. DSA encryption is used for digital signatures. Therefore, it is faster than RSA when creating an encrypted token but slower to analyze and validate this token. This encryption is faster to decrypt and slower to encrypt. |
    | Key Size | Set the key bits size of the encryption algorithm. The default value, 2048, is adequate unless you specifically need a different key size. Many CAs require a minimum value of 2048. Larger key sizes are more secure but have a greater impact on performance. |
    | Description | Enter specific details to help you identify this certificate at a later date. |
  6. Click Save.
    A custom CSR appears as a link.
  7. Select the CSR and click Actions.
  8. Select Download CSR PEM from the drop-down menu.
    You can save the CSR PEM file for your records and CA submission.
  9. Use the contents of the CSR file to submit a certificate request to the CA in accordance with the CA enrollment process.
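
One way to check the downloaded CSR PEM before submitting it in step 9, as an added example that is not part of the VMware documentation: it uses the OpenSSL command line (assumed to be installed) to confirm the request's self-signature, Common Name, and key size. The function names `check_csr` and `make_sample_csr` and the temporary file paths are hypothetical; the subject values are the examples from the table above.

```shell
#!/bin/sh
# Added example: sanity-check a downloaded CSR PEM before sending it to the CA.
# usage: check_csr <csr.pem> <expected-fqdn> [min-key-bits]
check_csr() {
    csr=$1; want_cn=$2; min_bits=${3:-2048}

    # The CSR is signed with the requester's private key; a failed check means
    # the file was corrupted or altered. Match on the output text rather than
    # relying on the exit status alone.
    openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK' ||
        { echo "FAIL: CSR self-signature does not verify"; return 1; }

    # Common Name must be the server FQDN entered in step 5.
    cn=$(openssl req -in "$csr" -noout -subject -nameopt multiline 2>/dev/null |
         awk -F'= ' '/^ *commonName/ {print $2}')
    [ "$cn" = "$want_cn" ] ||
        { echo "FAIL: Common Name is '$cn', expected '$want_cn'"; return 1; }

    # Key size as reported in the request, e.g. "Public-Key: (2048 bit)".
    bits=$(openssl req -in "$csr" -noout -text 2>/dev/null |
           sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
    [ "${bits:-0}" -ge "$min_bits" ] ||
        { echo "FAIL: key is ${bits:-unknown} bits, below $min_bits"; return 1; }

    echo "OK: CN=$cn, $bits-bit key, signature verifies"
}

# Constructed sample input: a throwaway key and CSR using the example values
# from the table above. A real run would use the file downloaded in step 8.
make_sample_csr() {   # usage: make_sample_csr <out.pem> <rsa-bits>
    openssl req -new -newkey "rsa:$2" -nodes -keyout "$1.key" -out "$1" \
        -subj "/C=US/ST=California/L=Palo Alto/O=VMware Inc/OU=IT department/CN=test.vmware.com" \
        2>/dev/null
}

tmp=$(mktemp -d)
make_sample_csr "$tmp/sample.pem" 2048
check_csr "$tmp/sample.pem" test.vmware.com
```

A mistyped FQDN or an undersized key is far cheaper to catch here than after the CA has issued the certificate.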


The CA creates a server certificate based on the information in the CSR file, signs it with its private key, and sends you the certificate. The CA also sends you a root CA certificate.