You can generate a CSR and get it signed by a CA. If you generate a CSR at the global level, it is available to all NSX Edges in your inventory.

Procedure

  1. Do one of the following.

    Option

    Description

    To generate a global certificate

    1. Log in to the NSX Manager Virtual Appliance.

    2. Click the Manage tab and then click SSL Certificates.

    3. Click Generate CSR.

    To generate a certificate for an NSX Edge

    1. Log in to the vSphere Web Client.

    2. Click Networking & Security and then click Edge Services.

    3. Double-click an NSX Edge.

    4. Click the Manage tab and then click Settings.

    5. Click the Certificates link.

    6. Click Actions and select Generate CSR.

  2. Type your organization unit and name.
  3. Type the locality, street, state, and country of your organization.
  4. Select the encryption algorithm for communication between the hosts.

    Note that SSL VPN-Plus only supports RSA certificates.

  5. Edit the default key size if required.
  6. For a global certificate, type a description for the certificate.
  7. Click OK.

    The CSR is generated and displayed in the Certificates list.

  8. Have an online Certification Authority sign this CSR.
  9. Import the signed certificate.
    1. Copy the contents of the signed certificate.
    2. Do one of the following.
      • To import a signed certificate at the global level, click Import in the NSX Manager Virtual Appliance.

      • To import a signed certificate for an NSX Edge, click Actions and select Import Certificate in the Certificates tab.

    3. In the Import CSR dialog box, paste the contents of the signed certificate.
    4. Click OK.

    The CA signed certificate appears in the certificates list.