After you deploy the appliance of NSX Manager, replace the default certificate with a customer certificate to establish trusted connection with the management components in the SDDC. The certificate generated by the CertGenVVD utility is signed by a certificate authority (CA) on the parent Active Directory server.

Table 1. Certificate-Related Files on the NSX Manager Instance
NSX Manager FQDN Certificate Filename
lax01w01nsx01.lax01.rainpole.local lax01w01nsx01.4.p12


  • CA-signed certificate files generated by using VMware Validated Design Certificate Generation Utility (CertGenVVD). See the VMware Validated Design Planning and Preparation documentation.


  1. Log in to the appliance interface of NSX Manager for the shared edge and compute cluster.
    1. Open a Web browser and go to https://lax01w01nsx01.lax01.rainpole.local .
    2. Log in using the following credentials.
      Setting Value
      User name admin
      Password nsx_manager_admin_password
  2. On the Home page, select Manage Appliance Settings.
  3. On the Manage tab, click SSL Certificates and click Upload PKSCS#12 Keystore.
  4. Browse to the certificate chain file lax01w01nsx01.4.p12, provide the keystore password or passphrase, and click Import.
  5. Restart the NSX Manager to propagate the CA-signed certificate.
    1. In the top right corner of the NSX Manager page, click the Settings icon. 
    2. From the drop-down menu, select Reboot Appliance.