After you replace the certificates of all Platform Services Controller instances and all vCenter Server instances, replace the certificates for the NSX Manager instances.  To update the new certificates on the secondary NSX Manager instances in Region B and on vRealize Operations Manager, reconnect NSX Manager to these components. You also re-establish the connection to vCenter Server and Platform Services Controller.

About this task

You replace certificates twice, once for each NSX Manager. You first start replacing certificates on the NSX Manager for the sfo01m01nsx01.sfo01.rainpole.local management cluster.

Table 1. Certificate-Related Files on the NSX Manager Instances in Region A

NSX Manager FQDN

Certificate File Name

Replacement Order

sfo01m01nsx01.sfo01.rainpole.local

sfo01m01nsx01.4.p12

After you replace the certificate on the Management vCenter Server

sfo01w01nsx01.sfo01.rainpole.local

sfo01w01nsx01.4.p12

After you replace the certificate on the Compute vCenter Server

Procedure

  1. On the Windows host that has access to the data center, log in to the NSX Manager Web interface.
    1. Open a Web browser and go to following URL. 

      NSX Manager

      URL

      NSX Manager for the management cluster

      https://sfo01m01nsx01.sfo01.rainpole.local

      NSX Manager for the shared compute and edge cluster

      https://sfo01w01nsx01.sfo01.rainpole.local

    2. Log in using the following credentials.

      Setting

      Value

      User name

       admin

      Password

       nsx_manager_admin_password

  2. On the Home page, select Manage Appliance Settings.
  3. On the Manage tab, click SSL Certificates, click Upload PKCS#12 Keystore
  4. Browse to the certificate chain file sfo01m01nsx01.4.p12, provide the keystore password or passphrase and click Import.
  5. Restart the NSX Manager to update the CA-signed certificate.
    1. In the right corner of the NSX Manager page, click the Settings icon. 
    2. From the drop-down menu, select Reboot Appliance.
  6. Re-register the NSX Manager to the Management vCenter Server and Platform Services Controller pair.
    1. Open a Web browser and go to the NSX Manager Web interface.

      Setting

      Value

      NSX Manager for the management cluster

      https://sfo01m01nsx01.sfo01.rainpole.local

      NSX Manager for the shared compute and edge cluster

      https://sfo01w01nsx01.sfo01.rainpole.local

    2. Log in using the following credentials. 

      Setting

      Value

      User name

       admin

      Password

       nsx_mngr_admin_password

    3. Click Manage vCenter Registration.
    4. Under Lookup Service ULR, click the Edit button.
    5. In the Lookup Service URL dialog box, enter the following settings, and click OK.

      Setting

      Value

      Lookup Service IP

      sfo01psc01.sfo01.rainpole.local

      Lookup Service Port

      443

      SSO Administrator User Name

      administrator@vsphere.local

      Password

      vsphere_admin_password

    6. In the Trust Certificate? dialog box, click Yes.
    7. Under vCenter Server, click the Edit button.
    8. In the vCenter Server dialog box, enter the following settings, and click OK.

      Setting

      Value for the NSX Manager for the Management Cluster

      Value for the NSX Manager for the Shared Edge and Compute Cluster

      vCenter Server

      sfo01m01vc01.sfo01.rainpole.local

      sfo01w01vc01.sfo01.rainpole.local

      vCenter User Name

      svc-nsxmanager@rainpole.local

      Password

      svc-nsxmanager_password

    9. In the Trust Certificate? dialog box, click Yes.
    10. Wait until the Status indicators for the Lookup Service and vCenter Server change to Connected.
  7. Reconnect to the secondary NSX Manager instances in Region B.
    1. Open a Web browser and go to https://sfo01m01vc01.sfo01.rainpole.local.
    2. Log in using the following credentials.

      Setting

      Value

      User name

      administrator@vsphere.local

      Password

      vsphere_admin_password

    3. From the vSphere Web Client Home menu, select Networking & Security.
    4. Click Installation in the Navigator.
    5. On the Management tab , select the 172.17.11.65 instance from the NSX Manager menu.
    6. Select Actions > Disconnect from Primary NSX Manager.

      Roles

      Management NSX Managers in both Regions

      Shared Edge and Compute NSX Managers in both Regions

      Primary

      172.16.11.65

      172.16.11.66

      Secondary

      172.17.11.65

      172.17.11.66

    7. On the Management tab , select the 172.16.11.65 instance from the NSX Manager drop-down menu.
    8. Select Actions > Add Secondary NSX Manager.
    9. In the Add Secondary NSX Manager dialog box, enter the following settings and click OK.

      Setting

      Management NSX Manager in region B

      Shared Edge and Compute NSX Manager in region B

      NSX Manager

      172.17.11.65

      172.17.11.66

      User name

      admin

      admin

      Password

      nsx_manager_admin_password

      nsx_manager_admin_password

      Confirm Password

      nsx_manager_admin_password

      nsx_manager_admin_password

    10. In the Trust Certificate confirmation dialog box, click Yes.
  8. Repeat the steps for the NSX Manager instance for the shared edge and compute cluster.
  9. Reconnect the NSX Manager instances to vRealize Operations Manager.
    1. Open a Web browser and go to https://vrops01svr01.rainpole.local.
    2. Log in using the following credentials.

      Setting

      Value

      User name

      admin

      Password

      vrops_admin_password

    3. On the main navigation bar, click Administration.
    4. In the left pane of vRealize Operations Manager, click Certificates under Management.
    5. Delete the certificates with the following CNs.
      • CN=sfo01m01nsx01.sfo01.rainpole.local

      • CN=sfo01w01nsx01.sfo01.rainpole.local

    6. In the left pane of vRealize Operations Manager, click Solutions.
    7. From the solution table on the Solutions page, select the Management Pack for NSX-vSphere solution, and click the Configure icon at the top.
    8. In the Manage Solutions dialog box, from the Adapter Type table at the top, select NSX-vSphere Adapter.
    9. Click the sfo01m01nsx01-sfo01 adapter instance, click Test Connection, accept the new certificate, and click Save settings.
    10. Click the sfo01w01nsx01-sfo01 adapter instance, click Test Connection, accept the new certificate, click Save settings, and click Close.