After you deploy the appliance of NSX Manager, replace the default certificate with a custom certificate to establish trusted connection with the other management components in the SDDC. The certificate, that is generated by the CertGenVVD utility, is signed by the certificate authority on the parent Active Directory (AD) server.

After you replace the certificate of vCenter Server instance, replace the expiring certificates for the NSX Manager instances.

Use the following certificate file to replace the certificate on the NSX Manager instance:

Table 1. Certificate-Related Files on the NSX Manager Instance in ROBO SDDC

NSX Manager FQDN

Certificate Filename




  1. Log in to the NSX Manager appliance user interface.
    1. Open a Web browser and go to https://nyc01r01nsx01.rainpole.local.
    2. Log in using the following credentials.



      User name




  2. On the Home page, select Manage Appliance Settings.
  3. On the Manage tab, click SSL Certificates, click Upload PKCS#12 Keystore.
  4. Browse to the certificate chain file nyc01r01nsx01.4.p12, provide the keystore password or passphrase, and click Import.
  5. Restart the NSX Manager to propagate the CA-signed certificate.
    1. In the right corner of the NSX Manager page, click the Settings icon. 
    2. From the drop-down menu, select Reboot Appliance.
    3. On the Reboot Confirmation dialog box, click Yes.