Replacing the VMware NSX-T Self-Signed SSL Certificate

Reading Time: 4 minutes

Out of the box, NSX-T Data Center utilises self-signed certificates for its cluster and manager nodes; however, it is recommended that you replace the self-signed certificates with CA-signed certificates to improve security.

In this article, we step through creating a certificate signing request and private key, generating a signed certificate in conjunction with your Certificate Authority, and finally applying the new certificate to your NSX-T cluster and manager nodes.

Continue reading → Replacing the VMware NSX-T Self-Signed SSL Certificate

NSX Manager – Replacing the SSL Certificate

Reading Time: 3 minutes

Applying a new SSL certificate to your NSX Manager really couldn’t be easier and, as the NSX Manager is part of a wider, security orientated product, we might as well do things properly and apply one!

First of all, and if already not in place, we’ll need to create a new Microsoft CA Template for SSL in vSphere. To do this, please take a look at VMware KB article 2112009. The procedure itself is a simple one, and I make reference below to a vSphere 6.x SSL certificate template, so it’s worth pointing out. This template was created using the aforementioned VMware KB.

To replace the NSX Manager SSL certificate, and to cert against your CA of choice, simply follow the below process.

Continue reading → NSX Manager – Replacing the SSL Certificate