You can import a certificate with a private key to replace the default self-signed certificate after activation.

Note that only RSA-based certificates are supported.


Verify that a certificate is available.


  1. From your browser, log in with admin privileges to an NSX Manager at https://<nsx-manager-ip-address>.
  2. Select System > Certificates.
  3. Select Import > Import Certificate and enter the certificate details.
    Option Description
    Name Assign a name to the certificate.
    Certificate Contents Browse to the certificate file on your computer and add the file. The certificate must not be encrypted. If it is a CA-signed certificate, be sure to include the whole chain in this order: certificate - intermediate - root.
    Private Key Browse to the private key file on your computer and add the file.
    Passphrase Add a passphrase for this certificate if it is encrypted. In this release, this field is not used because encrypted certificate is not supported.
    Description Enter a description of what is included in this certificate.
    Service Certificate Set to Yes to use this certificate for services such as a load balancer and VPN. Set to No if this certificate is for the NSX Manager nodes.
  4. Click Import.