You can import a certificate with a private key to replace the default self-signed certificate, after activation.
- Verify that a certificate is available.
- The server certificate must contain the Basic Constraints extension
basicConstraints = cA:FALSE.
- From your browser, log in with admin privileges to an NSX Manager at https://<nsx-manager-ip-address>.
- Select .
and enter the certificate details.
Option Description Name Assign a name to the certificate. Certificate Contents Browse to the certificate file on your computer and add the file. The certificate must not be encrypted. If it is a CA-signed certificate, be sure to include the whole chain in this order: certificate - intermediate - root. Private Key Browse to the private key file on your computer and add the file. This is an optional field if imported certificate is based on NSX Manager generated CSR as a private key already exists on the NSX Manager appliance. Passphrase Add a passphrase for this certificate if it is encrypted. In this release, this field is not used because encrypted certificate is not supported. Description Enter a description of what is included in this certificate. Service Certificate Set to Yes to use this certificate for services such as a load balancer and VPN. Set to No if this certificate is for the NSX Manager nodes.
- Click Import.