After you deploy the appliance of NSX Manager, replace the default certificate with a customer certificate to establish trusted connection with the management components in the SDDC. The certificate generated by the CertGenVVD utility is signed by a certificate authority (CA) on the parent Active Directory server.

Use the following files to replace the certificate on NSX Manager for the shared edge and compute cluster:

Table 1. Certificate-Related Files on the NSX Manager Instance for the Shared Edge and Compute Cluster in Region A

NSX Manager FQDN

Certificate Filename


  • sfo01w01nsx01.4.p12


  1. Log in to the Compute NSX Manager appliance user interface.
    1. Open a Web browser and go to https://sfo01w01nsx01.sfo01.rainpole.local
    2. Log in using the following credentials.



      User name




  2. On the Home page, select Manage Appliance Settings.
  3. On the Manage tab, click SSL Certificates, click Upload PKCS#12 Keystore.
  4. Browse to the certificate chain file sfo01w01nsx01.4.p12, provide the keystore password or passphrase, and click Import.
  5. Restart the NSX Manager to propagate the CA-signed certificate.
    1. In the right corner of the NSX Manager page, click the Settings icon. 
    2. From the drop-down menu, select Reboot Appliance.