After you replace the certificates of all Platform Services Controller instances and all vCenter Server instances, replace the expiring certificates for the NSX Manager instances.

Use the following certificate file to replace the certificate on the NSX Manager instance:

Table 1. Certificate-Related Files on the NSX Manager Instance for Consolidated SDDC

NSX Manager FQDN

Certificate Filename




  1. Log in to the NSX Manager appliance user interface.
    1. Open a Web browser and go to https://sfo01w01nsx01.sfo01.rainpole.local.
    2. Log in using the following credentials.



      User name




  2. On the Home page, select Manage Appliance Settings.
  3. On the Manage tab, click SSL Certificates, click Upload PKCS#12 Keystore.
  4. Browse to the certificate chain file sfo01w01nsx01.4.p12, provide the keystore password or passphrase, and click Import.
  5. Restart the NSX Manager to propagate the CA-signed certificate.
    1. In the right corner of the NSX Manager page, click the Settings icon. 
    2. From the drop-down menu, select Reboot Appliance.
    3. On the Reboot Confirmation dialog box, click Yes.