You can import a signed certificate for an NSX generated CSR (certificate signing request). You can also use this imported certificate with services such as Load Balancer, VPN, and TLS Inspection. This page provides the steps to import a signed certificate for NSX generated CSR.

A self-signed certificate acts as a certificate as well as CA. It is not required to be signed from any external CA, whereas CSR is a certificate signing request that cannot act as CA and must be signed by external CA. There is no support for a self-signed certificate for load balancer.

When you use a self-signed certificate the client user receives a warning message such as, Invalid Security Certificate. The client user must then accept the self-signed certificate when first connecting to the server in order to proceed. Allowing client users to select this option provides reduced security than other authorization methods.



  1. With admin privileges, log in to NSX Manager.
  2. Select System > Certificates.
  3. Click the CSRs tab.
  4. From a CSR, click Available Actions and select Import Certificate for CSR.
  5. Browse to the signed certificate file on your computer and add the file.
  6. Choose your Service Certificate type.
    1. To use this certificate for services such as load balancer, VPN, or TLS Inspection, toggle the Service Certificate button to Yes.
    2. To use this certificate with NSX Manager appliance nodes, toggle the Service Certificate button to No.
  7. Click Save.


The signed certificate appears in the Certificates tab.