The Kafka messaging client self-signed certificate is used by the Security Intelligence common agent that is running in the NSX Manager unified appliance. It only supports RSA encryption. You can replace that default self-signed certificate with a CA-signed certificate.
You can replace the default self-signed certificate with either a CA-signed certificate with a private key or a CA-signed certificate with a CSR. When the certificate is being imported, the Kafka messaging service used by the NSX Manager unified appliance becomes unavailable.
Prerequisites
- You must have Enterprise Admin account privileges.
- Ensure that no active alarms exist on the NSX Application Platform.
- Verify that you have a valid certificate with a private key or a certificate with a certificate signing request (CSR). You must generate the CSR using the NSX Manager UI.