By default, NSX Manager uses a self-signed SSL certificate. This certificate is not trusted by end-user devices or web browsers. It is a security best practice to replace these certificates with certificates that are signed by a third-party or enterprise Certificate Authority (CA).

Design ID

Design Decision

Design Justification

Design Implication

SDDC-VI-SDN-043

Replace the NSX Manager certificate with a certificate signed by a third-party Public Key Infrastructure.

Ensures communication between NSX administrators and the NSX Manager are encrypted by a trusted certificate.

Replacing and managing certificates is an operational overhead.