By default NSX Manager uses a self signed SSL certificate. By default, this certificate is not trusted by end-user devices or browsers. It is a security best practice to replace these certificates with certificates that are signed by a third-party or enterprise Certificate Authority (CA).

Design ID

Design Decision

Design Justification

Design Implication


Replace the NSX Manager certificate with a certificate signed by a 3rd party Public Key Infrastructure.

Ensures communication between NSX admins and the NSX Manager are encrypted by a trusted certificate.

Replacing and managing certificates is an operational overhead.