You can import a signed certificate for an NSX generated CSR (certificate signing request). You can also use this imported certificate with services such as Load Balancer, VPN, and TLS Inspection. This page provides the steps to import a signed certificate for NSX generated CSR.
A self-signed certificate acts as a certificate as well as CA. It is not required to be signed from any external CA, whereas CSR is a certificate signing request that cannot act as CA and must be signed by external CA. There is no support for a self-signed certificate for load balancer.
When you use a self-signed certificate the client user receives a warning message such as, Invalid Security Certificate. The client user must then accept the self-signed certificate when first connecting to the server in order to proceed. Allowing client users to select this option provides reduced security than other authorization methods.
Prerequisites
- Verify that a CSR is available. See Create a Certificate Signing Request File.
- NSX generated CSR was used as a CSR for signed certificate.
Procedure
- With admin privileges, log in to NSX Manager.
- Select .
- Click the CSRs tab.
- From a CSR, click
and select Import Certificate for CSR. - Browse to the signed certificate file on your computer and add the file.
- Choose your Service Certificate type.
- To use this certificate for services such as load balancer, VPN, or TLS Inspection, toggle the Service Certificate button to Yes.
- To use this certificate with NSX Manager appliance nodes, toggle the Service Certificate button to No.
- Click Save.
Results
The signed certificate appears in the Certificates tab.
