You can create a self-signed service or non-service certificate. However, using a self-signed certificate is less secure than using a trusted certificate.
When you use a self-signed certificate the client user receives a warning message such as, Invalid Security Certificate. The client user must then accept the self-signed certificate when first connecting to the server in order to proceed. Allowing client users to select this option provides reduced security than other authorization methods.
Verify that a CSR is available. See Create a Certificate Signing Request File.
- With admin privileges, log in to NSX Manager.
- Select .
- Click the CSRs tab.
- From your selected CSR, click and select Self Sign Certificate for CSR.
Note: If you have a self signed CA CSR, NSX Manager always creates a CA CSR.
- Enter the number of days the self-signed certificate is valid.
The default is 825 days. Even if you change this value for previously generated self-signed certificate, the default value is displayed every time you generate a new certificate.
- Choose your Service Certificate type.
- Toggle the Service Certificate button to Yes to use this certificate for services such as load balancer, VPN, or TLS Inspection. If you are creating a self-signed CA certificate, Yes is the only choice.
- Toggle the Service Certificate button to No to use this certificate with NSX Manager appliance nodes.
- Click Save.
The self-signed certificate appears in the Certificates tab.