By default, NSX-T Manager uses a self-signed Secure Sockets Layer (SSL) certificate. This certificate is not trusted by end-user devices or Web browsers.

As a best practice, replace self-signed certificates with certificates that are signed by a third-party or enterprise Certificate Authority (CA).

Table 1. Design Decisions on the SSL Certificate of NSX-T Manager

Design ID

Design Decision

Design Justification

Design Implication

NSXT-VI-SDN-041

Replace the NSX-T Manager certificate with a certificate that is signed by a third-party Public Key Infrastructure.

Ensures that the communication between NSX-T administrators and the NSX-T Manager is encrypted by using a trusted certificate.

Replacing and managing certificates is an operational overhead.