After you deploy all three NSX-T Manager nodes, assign the virtual IP (VIP) address of the NSX-T Manager cluster and assign a certificate for the VIP address for trusted access to the user interface and API.

You use the CertGenVVD utility to generate a certificate that is signed by a certificate authority (CA) on the parent Active Directory server.
Table 1. URLs for Replacing the Certificates for the NSX-T Manager Appliances
NSX-T Manager Appliance POST URL for Certificate Replacement
sfo01wnsx01a https://sfo01wnsx01.sfo01.rainpole.local/api/v1/node/services/http?action=apply_certificate&certificate_id=sfo01wnsx01_certificate_ID


  1. Log in to the user interface of the first NSX-T Manager appliance.
    Setting Value
    URL https://sfo01wnsx01a.sfo01.rainpole.local
    User name admin
    Password nsx_admin_password
  2. Assign the virtual IP address to the NSX-T Manager cluster.
    1. On the main navigation bar, click System..
    2. For NSX-T 2.4.1, in the navigation pane, select Overview.
    3. For NSX-T versions 2.5 and 2.5.1, in the navigation pane, select Appliances.
    4. Click Edit for Virtual IP, and, in the Change virtual IP dialog box, enter, and click Save.
    5. When prompted, click Refresh.
  3. Retrieve the ID of the certificate for the NSX-T Manager node.
    1. On the main navigation bar, click System.
    2. In the navigation pane, select Certificates.
    3. Click the ID value of the sfo01wnsx01 certificate and copy its value from the text box.
  4. Log in to the host that has access to your data center.
  5. Assign a CA signed certificate to the NSX-T Manager cluster.
    1. Start the Postman application in your Web browser and log in.
    2. On the Authorization tab, configure the following settings and click Update request.
      Setting Value
      Type Basic Auth
      User name admin
      Password nsx_admin_password
    3. On the Headers tab, enter the following header details.
      Setting Value
      Key Content-Type
      Key Value application/xml
    4. In the request pane at the top, from the drop-down menu that contains the HTTP request methods, select POST, and in the URL text box, send the URL query.
      Setting Value
      HTTP request methods


      URL https://sfo01wnsx01.sfo01.rainpole.local/api/v1/cluster/api-certificate?action=set_cluster_certificate&certificate_id=sfo01wnsx01_certificate_ID
      After the NSX-T Manager appliance sends a response back, on the  Body tab, you see a 202 Accepted status.