After you install NSX Manager, you replace its certificate with a CA-signed certificate.

About this task

You generate certificates for the SDDC management components on a Windows host by using VMware Validated Design Certificate Generation Utility (CertGenVVD).

Table 1. Certificate-Related Files on the NSX Manager Instance

NSX Manager FQDN

Certificate File Name

Replacement Time


sfo01w01nsx01.sfo01.4.p12 from the automation generation.

Right after deployment of the NSX Manager instance.


  1. On the Windows host that has access to the data center and contains the generated certificates, log in to the NSX Manager Web interface.
    1. Open a Web Browser and go to following URL https://sfo01w01nsx01.sfo01.rainpole.local
    2. Log in using the following credentials.



      User name




  2. Click the Manage Appliance Settings button.
  3. On the Manage tab, click SSL Certificates and click Upload PKCS#12 Keystore.
  4. Browse to the certificate chain file sfo01w01nsx01.sfo01.4.p12, provide the keystore password or passphrase and click Import.
  5. In the right corner of the NSX Manager user interface, click the Settings icon. 
  6. From the drop-down menu, select Reboot Appliance.

    The NSX Manager restarts, which in turn propagates the CA-signed certificate.