After you deploy the first NSX-T Manager appliance, replace its default certificate to establish a trusted connection with the management components in the SDDC. You replace the existing certificates using the REST API of NSX-T Manager.


  1. Log in to the user interface of the first NSX-T Manager appliance.
    1. Open a Web browser and go to https://sfo01wnsx01a.sfo01.rainpole.local.
    2. Log in by using the following credentials.
      Setting Value
      User name admin
      Password nsx_admin_password
  2. Retrieve the ID of the certificate.
    1. On the main navigation bar, click System.
    2. In the navigation pane, select Certificates.
    3. Click the ID value of the sfo01wnsx01a certificate and copy it from the text box.
  3. Log in to the Windows host that has access to your data center.
  4. Replace the default certificate on the NSX-T Manager appliance with the CA-signed certificate.
    1. Start the Postman application in your Web browser and log in.
    2. On the Authorization tab, enter the following settings and click Update Request.




      Basic Auth

      User name




    3. On the Headers tab, add a key by using the following details.





      Key Value


    4. In the request pane at the top, from the drop-down menu that contains the HTTP request methods, select POST, and in the URL text box, enter the following URL.
      After the NSX-T Manager sends a response back, on the  Body tab, you see a 202 Accepted status.
  5. Log in to vCenter Server by using the vSphere Client.
    1. Open a Web browser and go to https://sfo01m01vc01.sfo01.rainpole.local/ui.
    2. Log in by using the following credentials.
      Setting Value
      User name administrator@vsphere.local
      Password vsphere_admin_password
  6. Restart the NSX-T Manager appliance.
    1. In the VMs and Templates inventory, expand the sfo01m01vc01.sfo01.rainpole.local > sfo01-m01dc > sfo01-m01fd-nsx tree.
    2. Right-click the sfo01wnsx01a virtual machine, and select Power > Restart Guest OS.