In NSX-T Data Center 3.2, you can import a service or non-service signed certificate of an NSX-T Data Center generated CSR (certificate signing request). This page provides the step to import a signed certificate of NSX generated CSR.

A self-signed certificate acts as a certificate as well as CA. It is not required to be signed from any external CA, whereas CSR is a certificate signing request that cannot act as CA and must be signed by external CA. Note that a self-signed certificate is not supporetd for LB.

When you use a self-signed certificate the client user receives a warning message such as, Invalid Security Certificate. The client user must then accept the self-signed certificate when first connecting to the server in order to proceed. Allowing client users to select this option provides reduced security than other authorization methods.



  1. With admin privileges, log in to NSX Manager.
  2. Select System > Certificates.
  3. Click the CSRs tab.
  4. From a CSR, click and select Import Certificate for CSR.
  5. Browse to the signed certificate file on your computer and add the file.

  6. Choose your Service Certificate type.
    1. To use this certificate for services such as load balancer, VPN, or TLS Inspection, toggle the Service Certificate button to Yes.
    2. To use this certificate with NSX Manager appliance nodes, toggle the Service Certificate button to No.
  7. Click Save.


The self-signed certificate appears in the Certificates tab.