One method of obtaining an SSL certificate for NSX Manager is use the built-in CSR generator.

About this task

This method is limited in that the CSR cannot contain extended attributes such as subject alternate name (SAN). If you wish to include extended attributes, you must you another CSR generation tool. If you are using another CSR generation tool, skip this procedure.

Procedure

  1. Log in to the NSX Manager virtual appliance.
  2. Click Manage Appliance Settings.
  3. From the Settings panel, click SSL Certificates.
  4. Click Generate CSR.

  5. Complete the form by filling in the following fields:

    Option

    Action

    Key Size

    Select the key length used in the selected algorithm.

    Common Name

    Type the IP address or fully qualified domain name (FQDN) of the NSX Manager. VMware recommends that you enter the FQDN.

    Organization Unit

    Enter the department in your company that is ordering the certificate.

    Organization Name

    Enter the full legal name of your company.

    City Name

    Enter the full name of the city in which your company resides.

    State Name

    Enter the full name of the state in which your company resides.

    Country Code

    Enter the two-digit code that represents your country. For example, the United States is US.

  6. Click OK.
  7. Send the CSR to your CA for signing.
    1. Download the generated request by clicking Download CSR.

      Using this method, the private key never leaves the NSX Manager.

    2. Submit this request to your CA.
    3. Get the Signed Certificate and Root CA and any intermediary CA certificates in PEM format.
    4. To convert CER/DER formatted certificates to PEM, use the following OpenSSL command:
      openssl x509 -inform der -in Cert.cer -out 4-nsx_signed.pem
    5. Concatenate all the certificates (server, intermediary and root certificates) in a text file.
    6. In the NSX Manager UI, click Import and browse to the text file with all of the certificates.
    7. Once the import is successful, the server certificate and all the CA certificates will be shown on the SSL Certificates page.

What to do next

Import the signed SSL certificate into NSX Manager.