top of page
  • viquarmca

How to Replace NSXT Manager Self Sign Certificate For LocalManager , MP-Cluster And Tomcat

Tomcat : for external communication from nsx manager nodes

mpc luster: for external communcation from nsx manager to nsx manager cluster.

local manager : for nsx federation account

by default these there certificate are valid till 825days .

1. Login to NSX Manager

2. Go to System -> certificate

3. Once you verify the Certificate validation for Mpcluster , tomcat and localManager . then proceed for the replacement of the certs , Here i am trying to replace the Certificate for localManager which is going to expire Aug 15 2025 .

4. Generate the CSR Using the existing information and Click Generate

5. Now click on the CSR which you have generated in step 4 , in my case its for localManager.

6. Select LocalManager -> Action-> Self sign certificate for CSR - >

keep 825 days default value and click Save

7. once the certificate is created , if we go into the Certificate tab , we will see two certs for localManager. one with old version and one with new one which we created.

8. Download postman for publishing the certificate .

9. open postman -> create new request

10. Keep params default

11. Authorization : ender admin and password

12. Headers : enter value as application\json

13. Under Body select radio button on raw and JSON

{ "cert_id": "certificate 6df5417c-a6f5-43bf-82d4-c9cd0131cc77",

"service_type": "LOCAL_MANAGER" }

how to find Certificate Id : Login to the NSX-> Certificate -> Newly Created Certificate expand it u will see the ID as show below.

16. Click on Send , this will pass the certificate to nsx manager .

318 views0 comments


bottom of page