After you deploy the NSX Manager appliance, replace the default certificate to establish a trusted connection with the management components in the SDDC. The certificate generated by the CertGenVVD utility is signed by a certificate authority (CA) on the parent Active Directory server.

Use the following files to replace the certificate on NSX Manager for the shared edge and compute cluster.

Table 1. Certificate-Related Files on the NSX Manager Instance for the Shared Edge and Compute Cluster in Region A

NSX Manager FQDN

Certificate Filename

sfo01w01nsx01.sfo01.rainpole.local

sfo01w01nsx01.4.p12

Procedure

  1. Log in to the Compute NSX Manager appliance user interface.
    1. Open a Web browser and go to https://sfo01w01nsx01.sfo01.rainpole.local
    2. Log in using the following credentials.

      Setting

      Value

      User name

       admin

      Password

       nsx_manager_admin_password

  2. On the Home page, select Manage Appliance Settings.
  3. On the Manage tab, click SSL Certificates, click Upload PKCS#12 Keystore.
  4. Browse to the certificate chain file sfo01w01nsx01.4.p12, provide the keystore password or passphrase, and click Import.
  5. Restart the NSX Manager to propagate the CA-signed certificate.
    1. In the NSX Manager page, click the Settings icon.
    2. From the drop-down menu, select Reboot Appliance.
  6. Repeat Connect NSX Manager to vCenter Server in Region A procedure for the compute NSX Manager.
  7. Repeat Re-Join Secondary NSX Manager to Primary NSX Manager in Region A procedure for the compute NSX Manager with the following values.

    Settings

    Values

    Primary NSX Manager

    172.16.11.66

    NSX Manager

    172.17.11.66

    New IP address/Hostname

    172.17.11.66